Subject: Re: kauth_cred_set* change proposal
To: YAMAMOTO Takashi <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 07/11/2006 20:03:22
Content-Type: text/plain; charset=us-ascii
On Wed, Jul 12, 2006 at 07:47:44AM +0900, YAMAMOTO Takashi wrote:
> > If we do add native support for PAGs, then we will need something like
> > what Jonathan was describing; one process, the credential updater, will
> > need to change the credentials for all processes in the same PAG. Thus
> > process will need to make cred changes that all processes can see.
> > As an aside, I really like PAGs and would love it if our kerberos used
> > PAG as a ticket store.
> although i'm not sure if it's a good idea or not,
> i don't think my proposed change prevents storing "pag id" into kauth_cre=
> after kauth_cred_setuid() "copy-on-write" a credential, both of
> new and old kauth_cred_t will keep the same "pag id".
Right. If all we do is add "PAG ID" to the kauth_cred_t, then everything
As I think about it, even if/when we add more formal support for PAGs, we
probably still want kauth_cred_t to still contain a pointer/reference/id
to the PAG as opposed to the whole PAG. So this is fine.