Henry B. Hotz wrote:
> On Nov 8, 2007, at 8:30 AM, Douglas E. Engert wrote:
>> Thanks for the response, and so some of my comments below.
>
> I'll second Doug's concerns:
>
> 1) Should save the new tgt even if the old one isn't expired. I
> expect ancillary service tickets to be erased and for applications
> that need them to be smart enough to reacquire them if needed. (AFS
> usually isn't, but it has a separate credential store so its service
> ticket usually isn't erased either. Wish it did auto-acquire, but
> that's another subject.)

I'll review the applications (at least w/in the Solaris OE) to see if
they are not impacted negatively from this. Can you think of any other
3rd party applications that would be? If the list is long then it would
be preferred to preserve the old behavior and to allow the new.

> 2) Ticket stores should be per-session.

Yes, but I think there should also be a way of acquiring a TGT from
outside of the session. For example, processes that are long running or
delayed execution could use credentials acquired from another mechanism,
such as from password authentication or delegation.

Shawn.