[3589] in Kerberos
Re: Let's make some decisions re Kerberos 4 credential cache API
daemon@ATHENA.MIT.EDU (Rich Salz)
Thu Jul 21 13:21:41 1994
To: kerberos@MIT.EDU
Date: 21 Jul 1994 16:48:24 GMT
From: rsalz@osf.org (Rich Salz)
In <199407140745.AAA07370@cygnus.com> kerberos@MIT.EDU writes:
>I've come to the tentative conclusion that the Unix Kerberos interface
>(multi cache, selected outside the application) is best. My
>experience says that it is a very rare application which knows or
>cares "which credential cache" it is using. Essentially all
>applications except those *distributed with* kerberos will use the
>default cache. For this reason, and for compatability with the
>traditional Kerberos API, there appears to be no reason to be passing
>cache identifiers in ANY of the function calls.
For what it's worth, this is the same model that DCE uses for its
"login context". A default one is inherited and used, but a program
can create and delete caches and pick one of them to be the default.
It can also get a cache "handle" to that cache which it can pass to another
program to import.
Seems to be a good model.
/r$
