Subject: Re: kauth_cred_set* change proposal
To: YAMAMOTO Takashi <>
From: Bill Studenmund <>
List: tech-kern
Date: 07/11/2006 20:03:22

On Wed, Jul 12, 2006 at 07:47:44AM +0900, YAMAMOTO Takashi wrote:
> > If we do add native support for PAGs, then we will need something like
> > what Jonathan was describing; one process, the credential updater, will
> > need to change the credentials for all processes in the same PAG. Thus
> > process will need to make cred changes that all processes can see.
> >
> > As an aside, I really like PAGs and would love it if our kerberos used
> > PAG as a ticket store.
> although i'm not sure if it's a good idea or not,
> i don't think my proposed change prevents storing "pag id" into kauth_cre
> after kauth_cred_setuid() "copy-on-write" a credential, both of
> new and old kauth_cred_t will keep the same "pag id".

Right. If all we do is add "PAG ID" to the kauth_cred_t, then everything
is fine.

As I think about it, even if/when we add more formal support for PAGs, we
probably still want kauth_cred_t to still contain a pointer/reference/id
to the PAG as opposed to the whole PAG. So this is fine.

Take care,


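
A minimal C sketch of the point agreed on above, added here as an illustration and not code from this thread or from NetBSD: `struct cred`, `struct pag`, `cred_new`, `cred_rele` and `cred_setuid` are hypothetical stand-ins, not the kauth(9) API. It shows a copy-on-write setuid producing a new credential that references the same PAG as the old one, so a change made to the PAG by a credential updater is visible through both.

```c
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical types for illustration; not NetBSD's kauth(9) structures. */
struct pag  { unsigned id; int refcnt; int ticket_gen; };  /* shared ticket store */
struct cred { int refcnt; uid_t uid; struct pag *pag; };   /* holds a PAG reference only */

static struct cred *cred_new(uid_t uid, struct pag *pag) {
    struct cred *c = malloc(sizeof(*c));
    if (c == NULL) abort();
    c->refcnt = 1; c->uid = uid; c->pag = pag;
    pag->refcnt++;                      /* each credential pins its PAG */
    return c;
}

static void cred_rele(struct cred *c) {
    if (--c->refcnt > 0) return;
    if (--c->pag->refcnt == 0) free(c->pag);
    free(c);
}

/* Copy-on-write setuid: a shared credential is never modified in place. */
static struct cred *cred_setuid(struct cred *c, uid_t uid) {
    if (c->refcnt > 1) {
        struct cred *n = cred_new(uid, c->pag);  /* the copy keeps the same PAG */
        cred_rele(c);                            /* drop the caller's ref on the old one */
        return n;
    }
    c->uid = uid;                                /* sole owner: update in place */
    return c;
}

/* Returns 1 when old and new credentials share one PAG and both see its update. */
int cow_keeps_pag(void) {
    struct pag *pag = calloc(1, sizeof(*pag));
    if (pag == NULL) abort();
    pag->id = 42;                                /* constructed sample value */
    struct cred *old = cred_new(1000, pag);
    old->refcnt++;                               /* a second process shares it */
    struct cred *copy = cred_setuid(old, 0);
    pag->ticket_gen++;                           /* credential updater refreshes the PAG */
    int ok = copy != old && old->uid == 1000 && copy->uid == 0 &&
             copy->pag == old->pag && old->pag->ticket_gen == 1 &&
             copy->pag->ticket_gen == 1 && pag->refcnt == 2;
    cred_rele(old); cred_rele(copy);
    return ok;
}
```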