[36603] in Kerberos
Re: Does /etc/krb5.conf have to be present and identical on all
daemon@ATHENA.MIT.EDU (Nico Williams)
Wed Nov 5 15:09:18 2014
MIME-Version: 1.0
In-Reply-To: <CAEGpuohVkvvELn=N1cfW7Y980XZVZruZctYA_L-avwa5Xsb-bQ@mail.gmail.com>
Date: Wed, 5 Nov 2014 14:09:08 -0600
Message-ID: <CAK3OfOjiG+qTVzxsdW6OV4nhqr8V0rqLYXRHuTT0VUgqLKWL_A@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Booker Bense <bbense@gmail.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, Nov 5, 2014 at 1:47 PM, Booker Bense <bbense@gmail.com> wrote:
> [1]- a process can have more than one krb5_context, but let's not get too
> crazy.
GSS-API acceptor apps that use the default acceptor credential can
trivially be in "multiple realms" at once in one process. I've
certainly seen this happen, and even set it up.
For this and other reasons I don't think it's a good idea to tie
"realm" to "process". It's not too inaccurate, but it's not helpful
enough to be worth the trouble.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
