PSARC 2009/271 Credential Process Groups (CPGS)
Garrett D'Amore
gdamore at sun.com
Tue May 5 21:35:27 PDT 2009
Will Fiveash wrote:
> In
> http://sac.sfbay.sun.com/Archives/CaseLog/arc/PSARC/2009/271/inception.materials/Overview-terse.txt
> there is:
>
> Architecture:
>
> CPG membership is driven primarily by PAM modules and applications:
>
> ...
>
> - svc:/system/cpg/krb5:default registers the "krb5" CPG type and runs a
> daemon to kdestroy Kerberos V credentials when the last reference to
> a CPG vanishes.
>
> How does this interact with svc:/network/security/ktkt_warn? Seems to
> me that there should be one service tending to the needs of the krb5
> related ccache. Perhaps the function of ktkt_warn can be folded into
> svc:/system/cpg/krb5?
>
Seems like a reasonable idea, but I'm not familiar enough with kerberos
itself to comment on this.
Nico?
- Garrett
More information about the opensolaris-arc
mailing list