[3548] in Kerberos
Re: Let's make some decisions re Kerberos 4 credential cache API
daemon@ATHENA.MIT.EDU (Douglas Hornig)
Thu Jul 14 10:04:38 1994
Date: Thu, 14 Jul 1994 09:49:16 -0400
To: kerberos@MIT.EDU
From: Douglas_Hornig@cornell.edu (Douglas Hornig)
It is going to take me a little while to digest all this. My concern at
this moment is that this API may not support a kadmin-type application on
non-Unix platforms. We have such applications running on Macs using
KClient. The following two paragraphs seem to contradict each other on
this matter.
>I've come to the tentative conclusion that the Unix Kerberos interface
>(multi cache, selected outside the application) is best. My
>experience says that it is a very rare application which knows or
>cares "which credential cache" it is using. Essentially all
>applications except those *distributed with* kerberos will use the
>default cache. For this reason, and for compatability with the
>traditional Kerberos API, there appears to be no reason to be passing
>cache identifiers in ANY of the function calls.
>
>The few applications (like Unix kadmin) which want to use a separate
>cache already have an interface for changing the default cache --
>krb_set_tkt_string. I propose that we support this API interface
>for multiple ticket caches on all platforms.
Doug Hornig
Project Mandarin
Cornell University
