[16728] in Kerberos_V5_Development
Re: Credential collections
daemon@ATHENA.MIT.EDU (Henry B. Hotz)
Thu Mar 24 16:16:28 2011
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
In-Reply-To: <mailman.96816.1300941143.10242.krbdev@mit.edu>
Date: Thu, 24 Mar 2011 13:16:12 -0700
Message-Id: <DB9EBA4B-FBD9-4B2A-A5D7-FE76AA59CB37@jpl.nasa.gov>
To: "krbdev@mit.edu" <krbdev@mit.edu>
On Mar 23, 2011, at 9:32 PM, krbdev-request@mit.edu wrote:
>> CLI
>> ---
>>
>> kinit and kdestroy can be used to manage multiple ccaches using the -c
>> flag, but it's not very convenient.  The only previous work I'm aware
>> of in this area is in KfM, which has the following extensions:
>>
>> * "kinit principal" scans the collection for a ccache for principal,
>>   and creates a new unique CCAPI ccache if one doesn't exist.
>>
>> * "klist -A" lists creds for all ccaches in the collection.
>>
>> * "kdestroy -A" destroys all ccaches in the collection.  "kdestroy -p
>>   principal" scans the collection for a ccache for principal and
>>   destroys it.
>>
>> * "kswitch -c ccname" or "kswitch -p princname" sets the default
>>   ccache in the collection.  (In the normal case this translates into
>>   a message to the CCAPI daemon.  When KRB5CCNAME is set the semantics
>>   are confusing to me and possibly broken.)

I'm perplexed as to why this is being revisited. MIT implemented this stuff (for Apple) quite a long time ago. It works quite nicely (when I need it).

Now if only Apple hadn't destroyed the Kerberos GUI, and kept the (very nicely functional) MIT-written one.

I wouldn't mind if things could be made better, but I'd settle for restoring what was and making it cross-platform (which I thought was the plan, back then).

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu