[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: none

"Eugeny S. Mints" <jack@oktet.ru> writes:

> Could anybody clarify a usage of krb5_context and krb5_auth_context
> structures in more words than 'krb5_context is designed to represent
> the per process stae and krb5_auth_context per connection context'.

I think that describes the situation quite well. The krb5_context
contains "application settings", while the auth_context contains
session keys, sequence numbers and such.

> Examples of usage in multi user, multi processes enviroment are very
> aprecatable.

Each process normally has one krb5_context and one or more
krb5_auth_context's. For multi-threaded applications you could in
theory share both types of contexts between threads, but that would
require locking that we don't have.

> Then I'll change default cache for user0 to cache1 which is empty
> and again execute ,say, ktelnet server0. The queston is: will a new
> TGT be obtained in this case and placed into credental cache cache1?

No, you never automatically get a new TGT, you have to obtain one
manually. There's of course no technical reason why telnet couldn't do
the equivalent of kinit in that case.