[15892] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: GSS krb5 mech and ticket expiration

daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Wed Jun 9 14:38:05 2010

Mime-Version: 1.0 (Apple Message framework v1078)
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <mailman.529.1276099493.16463.krbdev@mit.edu>
Date: Wed, 9 Jun 2010 11:37:59 -0700
Message-Id: <617A20D3-4ED8-44DA-8816-B963256B517E@jpl.nasa.gov>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu


On Jun 9, 2010, at 9:04 AM, krbdev-request@mit.edu wrote:

> I recently committed a change to stop checking for context expiration
> times in the krb5 GSS mech's wrap and unwrap functions.  From the
> commit message:


In an ideal world, I would argue that app's should renew tgt's and rekey sessions transparently as needed.  However in practice it seems to me that most services will allow a session or operation to continue to completion, and at most enforce ticket expiration for new operations.

+1, since it seems to match current practice better.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu




_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post