[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: none

To: Eugeny.Mints@oktet.ru
Subject: Re: none
From: joda@pdc.kth.se (Johan Danielsson)
Date: 25 Oct 2002 19:31:53 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: "Eugeny S. Mints"'s message of "Thu, 24 Oct 2002 22:39:34 +0400 (MSD)"
References: <Pine.LNX.4.10.BCL.10210242208490.746-100000@localhost.localdomain>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

"Eugeny S. Mints" <jack@oktet.ru> writes:

> Could anybody clarify a usage of krb5_context and krb5_auth_context
> structures in more words than 'krb5_context is designed to represent
> the per process stae and krb5_auth_context per connection context'.

I think that describes the situation quite well. The krb5_context
contains "application settings", while the auth_context contains
session keys, sequence numbers and such.

> Examples of usage in multi user, multi processes enviroment are very
> aprecatable.

Each process normally has one krb5_context and one or more
krb5_auth_context's. For multi-threaded applications you could in
theory share both types of contexts between threads, but that would
require locking that we don't have.

> Then I'll change default cache for user0 to cache1 which is empty
> and again execute ,say, ktelnet server0. The queston is: will a new
> TGT be obtained in this case and placed into credental cache cache1?

No, you never automatically get a new TGT, you have to obtain one
manually. There's of course no technical reason why telnet couldn't do
the equivalent of kinit in that case.

/Johan

Follow-Ups:
- Re: none
  - From: "Eugeny S. Mints" <Eugeny.Mints@oktet.ru>

References:
- No Subject
  - From: "Eugeny S. Mints" <jack@oktet.ru>

Prev by Date: Re: Remote vulnerability in kadmind
Next by Date: Re: Heimdal 0.5.1 build problems
Prev by thread: No Subject
Next by thread: Re: none
Index(es):
- Date
- Thread