[15892] in Kerberos_V5_Development
Re: GSS krb5 mech and ticket expiration
daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Wed Jun 9 14:38:05 2010
Mime-Version: 1.0 (Apple Message framework v1078)
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <mailman.529.1276099493.16463.krbdev@mit.edu>
Date: Wed, 9 Jun 2010 11:37:59 -0700
Message-Id: <617A20D3-4ED8-44DA-8816-B963256B517E@jpl.nasa.gov>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Jun 9, 2010, at 9:04 AM, krbdev-request@mit.edu wrote:
> I recently committed a change to stop checking for context expiration
> times in the krb5 GSS mech's wrap and unwrap functions. From the
> commit message:
In an ideal world, I would argue that app's should renew tgt's and rekey sessions transparently as needed. However in practice it seems to me that most services will allow a session or operation to continue to completion, and at most enforce ticket expiration for new operations.
+1, since it seems to match current practice better.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev