>I have lots of uses for PAGs besides tracking krb5 tix. I don't want a
>PAG-like item per-such use. I want a daemon (least priv and all that)
>that tracks PAG<->{whatever} associations.
I'm curious ... why do you want a userspace daemon to be involved? I think
you could simplify things by making a complete kernel-only implementation.
I know that gssd is userspace, but that's obviously because it would suck
to cram the whole Kerberos and GSS libraries into the kernel. If it's
just "associate this process tree with this cookie", then it would be
simpler (I think) to make the whole thing kernel-only.
(I am personally not worried about the API; I'm sure whatever the API ends
up being, it will be fine. It's the implementation that concerns me).
--Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos