On Sat, 2005-02-26 at 15:15 -0600, inode0 wrote: > On Sat, 26 Feb 2005 21:31:29 +0100, Fredrik Tolf <[EMAIL PROTECTED]> wrote: > > Either way, I don't intend to shove the patch down your throat. ;-) > > Oh, I have no objection to your proposed patch. I also don't have any > say in whether it is accepted. Just trying to share what I've been > doing to work around the same issues, although my situation may well > be sufficiently different from others that it isn't useful in general.
I'm sorry if I sounded overly aggressive -- I know that you didn't mean to object. However, when you said that you "didn't perceive it to be a problem with screen", you struck at the heart of something I hadn't really considered -- there _isn't_ really a problem with screen. There's no obvious reason why screen should have to be extended to cover for problems with Kerberos, after all. I guess it's a compromise in one of two directions: 1. Either one agrees with my argument that a screen back-end constitutes a session in itself and therefore should take care to manage its own credential cache in a Kerberos-enabled system. 2. One goes with the other argument that my patch is extending screen with tasks that screen shouldn't have to bother with in the first place, and argues to fix either Kerberos itself or the system integration with Kerberos (for example, associating each process with a kernel-level credential cache would solve this problem as well, and arguable in a nicer way as well -- you'd get automatic credential cache garbage collection, automatic renewal and who knows what more) Now, to be sure: My patch may well not be the best way to go. However, to my knowledge, it's the only currently implemented way to go. The latest versions of the Linux kernel have had an option called CONFIG_KEYS, described as "This option provides support for retaining authentication tokens and access keys in the kernel...", so maybe they're rooting for a kernel-level credential cache. If that is so, then it will probably solve the problem on a better level. Until then, however, there's little choice to my knowledge. Of course, I could be completely wrong altogether in my assessment, so please comment. :-) I've also committed the patch to the Gentoo Linux and Fedora Core bugzillas, so I'll see what they have to say about it. > Best wishes Fredrik. I heartily applaud you for contributing something > of substance that involves two of my favorite things! I'm glad that you, too, see Kerberos that way. Many people that I talk to seem to see Kerberos as some kind of necessary evil, which makes me a bit sad considering how beautiful it is. :-) Fredrik Tolf _______________________________________________ screen-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/screen-users
