Another comment on the inconsistent handling of shared caches.
The screen saver and ssh (if fixed) would only update the TGT
with a newer TGT.

But kinit -R updates the TGT, AND discards all the other tickets.
So something as simple as (kinit -R ; aklog) could be used to get
a long lasting token after a screen unlock.

So if Sun has applications that are sensitive to not finding a ticket
in a shared cache, you need to look at effects of kinit -R being run
in some other session too.



will young wrote:
Shawn M Emery wrote:
Henry B. Hotz wrote:
On Nov 8, 2007, at 8:30 AM, Douglas E. Engert wrote:

2) Ticket stores should be per-session.

Yes, but I think there should also be a way of acquiring a TGT from outside of the session. For example, processes that are long running or delayed execution could use credentials acquired from another mechanism, such as from password authentication or delegation.
I haven't looked recently but in general there have not been cohesive sessions to tie processes (and kernel actions) to unless auditing is enabled.
    -Will
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444