From: Ken Raeburn
Subject: Re: [krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
Date: Mon, 2 May 2005 13:01:04 -0400
To: rt@krbdev.mit.edu
Message-Id: <591e1143dcfdba5147af8fca3c9703e8@mit.edu>

On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
> Ability to create a new cache storage context that won't leak
> permissions to its parent process(es). Getting admin rights in one
> window shouldn't imply those rights for every other window on my screen
> if I don't want it to.

You're basically describing something akin to AFS PAGs. We're not going to reinvent PAGs, but for systems with similar capabilities, we can explore using them. I believe someone is already looking at using the new Linux kernel key-ring stuff for Kerberos credentials.

Ken