Kevin Koch wrote: > Is the 64 bit leash API public or internal only? Most of the 32-bit Leash API is supposedly private but the reality is that it is used by third parties. The 64-bit Leash API is officially private. > If 32 bit and 64 bit MSIs can be built but only one may be installed at a > time, a smart installer that 'does the right thing' must be part of KfW 4. > Please propose how it will work before announcing it as a fait accompli. No one said that 32-bit and 64-bit MSIs could not be installed at the same time.
What I said was that 32-bit NSIS and 64-bit MSI could not be installed at the same time. > > If only one NIM can be installed, then I don't understand the bullet about > UprgadeCodes and parallel installs on 32- and 64-bit MSIs. Why allow > parallel installs? You need parallel installs so that 32-bit applications on the machine have access to 32-bit Kerberos libraries and 64-bit applications have access to 64-bit libraries. > > The value of this [what do you propose calling it?] depends a lot on the > extent to which the ccache server 'does not behave well under Vista UAC.' > Can you elaborate on that? What does "this [what do you propose calling it?]" refer to? Per-session credential caches provide a poor experience on Windows Vista under UAC because processes that run with restricted privileges and processes that run without restrictions are in two different logon sessions even though they share the same desktop. Therefore, if you start a credential cache in the restricted environment, put tickets in it, and then start a process without restrictions, the process without restrictions will not be able to read from the credential cache server in the restricted session and will not be able to make use of the tickets that are stored there. This is the complaint that Richard has. > > Since Kerberos v4 is removed, this is a KfW 4.0 product. I disagree. Kerberos v4 was not removed. Kerberos v4 never existed. KFW 4.0 is removes the Kerberos v4 functionality from 32-bit KFW where people have applications that rely on it. There are no applications that rely on Kerberos v4 KFW support in the 64-bit application space. > How does this > coordinate with the eventual replacement of CCAPI with a platform > independent implementation? > Your CCAPI has to provide a compatible krbcc32.dll and krbcc64.dll. If it doesn't, your implementation won't be compatible with applications built against previous releases of KFW. Hence, there are no transition issues. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ kfwdev mailing list [email protected] http://mailman.mit.edu/mailman/listinfo/kfwdev
