On Thu, 2011-12-01 at 19:31 -0500, John Dennis wrote:
> On 12/01/2011 06:54 PM, Dmitri Pal wrote:
> > Seems reasonable. I agree with pros and cons and suggestions but I am
> > not the person to make the final approval. Simo?
> >
> > Question for John: Is there any benefit for CLI or it is for UI only?
> Currently it would benefit the UI only. That's mostly because there is 
> no mechanism in the cli to cache the session ID. Adding that wouldn't be 
> too difficult except for the issue of how to store the session ID 
> securely, it would have to be written to a file (unlike with a browser 
> which is supposed to hold session cookies in memory). Is there an 
> ability to add a data item like this to the user's kerberos credential 
> cache?

Yes we could create a fake key and stick the session id in it.
That was the trick we proposed using when this question was raised a few
months ago during a conference call on the matter.


Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to