To: krb5-bugs@mit.edu
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Fri, 29 Apr 2005 17:35:06 -0700
Subject: Feature Request 2c for 1.5 (or whatever)
Ability to create a new cache storage context that won't leak
permissions to its parent process(es). Getting admin rights in one
window shouldn't imply those rights for every other window on my screen
if I don't want it to.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
Date: Mon, 2 May 2005 13:01:04 -0400
To: rt@krbdev.mit.edu
RT-Send-Cc:
On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
> Ability to create a new cache storage context that won't leak
> permissions to its parent process(es). Getting admin rights in one
> window shouldn't imply those rights for every other window on my screen
> if I don't want it to.

You're basically describing something akin to AFS PAGs.
We're not going to reinvent PAGs, but for systems with similar
capabilities, we can explore using them. I believe someone is already
looking at using the new Linux kernel key-ring stuff for Kerberos
credentials.

Ken
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: [krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
Date: Mon, 2 May 2005 10:33:34 -0700
To: rt-comment@krbdev.mit.edu
RT-Send-Cc:
Absolutely, I'm describing PAGs.

I'm just trying to specify what characteristics of PAGs I care about.
Don't want to submit a request that says "include the OAFS kernel
module in your distribution so you can store tickets in the kernel
token store". I know you guys would (rightly!) barf on that kind of
request. ;-)

On May 2, 2005, at 10:01 AM, Ken Raeburn via RT wrote:

> On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
>> Ability to create a new cache storage context that won't leak
>> permissions to its parent process(es). Getting admin rights in one
>> window shouldn't imply those rights for every other window on my
>> screen
>> if I don't want it to.
>
> You're basically describing something akin to AFS PAGs.
> We're not going to reinvent PAGs, but for systems with similar
> capabilities, we can explore using them. I believe someone is already
> looking at using the new Linux kernel key-ring stuff for Kerberos
> credentials.
>
> Ken
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu