[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MEMORY credential cache interop between Heimdal and MIT?
Howard Chu wrote:
> Michael B Allen wrote:
>> But using a file backed mapping is still no better than a disk file
>> ccache. You would have to use an anonymous mapping to protect the storage
>> from non-decendent processes.
> Anyway, the notion of a kernel driver to solve this problem is definitely
> overkill. You can get the same functionality in purely user-level code.
Of course there's a flaw in both this daemon idea and in Michael's ioctl idea -
if a process's parent exits, the child becomes owned by process 1, so you can't
rely on walking up the process tree to find a parent ccache. The only sure
thing is descriptor inheritance, and that only works if a particular process
doesn't stomp on the descriptor before spawning any children.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/