Received: from nmta3.jpl.nasa.gov (nmta3.jpl.nasa.gov [137.78.160.108])
	by krbdev.mit.edu (8.9.3p2) with ESMTP id NAA04028;
	Mon, 2 May 2005 13:35:30 -0400 (EDT)
Received: from xmta1.jpl.nasa.gov (xmta1.jpl.nasa.gov [137.78.160.144])
	by nmta3.jpl.nasa.gov (Switch-3.1.7/Switch-3.1.7) with ESMTP id j42HYx0R002637
	for ; Mon, 2 May 2005 10:34:59 -0700
Received: from [137.78.235.247] (dhcp-78-235-247.jpl.nasa.gov [137.78.235.247])
	by xmta1.jpl.nasa.gov (Switch-3.1.7/Switch-3.1.7) with ESMTP id j42HXjxM011355
	for ; Mon, 2 May 2005 10:34:49 -0700
MIME-Version: 1.0 (Apple Message framework v622)
In-Reply-To:
References:
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <5af664ca7cd80eda9573b823811841b5@jpl.nasa.gov>
Content-Transfer-Encoding: 7bit
From: "Henry B. Hotz"
Subject: Re: [krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
Date: Mon, 2 May 2005 10:33:34 -0700
To: rt-comment@krbdev.mit.edu
X-Mailer: Apple Mail (2.622)
X-Source-Ip: dhcp-78-235-247.jpl.nasa.gov [137.78.235.247]
X-Source-Sender: hotz@jpl.nasa.gov
X-Auth: Internal IP
RT-Send-Cc:
X-RT-Original-Encoding: us-ascii
Content-Length: 1205

Absolutely I'm describing PAG's. I'm just trying to specify what
characteristics of PAG's I care about. Don't want to submit a request
that says "include the OAFS kernel module in your distribution so you
can store tickets in the kernel token store". I know you guys would
(rightly!) barf on that kind of request. ;-)

On May 2, 2005, at 10:01 AM, Ken Raeburn via RT wrote:

> On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
>> Ability to create a new cache storage context that won't leak
>> permissions to its parent process(es). Getting admin rights in one
>> window shouldn't imply those rights for every other window on my
>> screen if I don't want it to.
>
> You're basically describing something akin to AFS PAGs.
> We're not going to reinvent PAGs, but for systems with similar
> capabilities, we can explore using them. I believe someone is already
> looking at using the new Linux kernel key-ring stuff for Kerberos
> credentials.
>
> Ken

----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu