Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

[Ken Hornstein <kenh@cmf.nrl.navy.mil>]

>> - It seems like all of these schemes were originally designed for processes
>>   that were tightly coupled; they weren't designed to work across a login
>>   session.  They work, but they feel ... fragile, somehow.
>
>I guess I don't understand what this means.  A process is either related
>to another process or it's not.  When you say "loosely coupled", what
>exactly do you want?

Note that I didn't say "related".

The examples I see of the uses of shared file descriptors and
MAP_SHARED are classic multiprogramming; one process forking off copies
of itself to do other tasks.  I haven't seen any examples of the use of
a shared file descriptor or MAP_SHARED mapping set up a login time and
expected to be available to all of a user's shells, X server, xterms,
etc etc.  Now it may work ... but it doesn't seem like it was the
original intention.  I can at least say that getting a shared file
descriptor to all decendant processes involves some hackery to get
programs like the shell to not close it.

>But you use the MIT implementation, right?  I would not work on the guts
>of MIT Kerberos again for all the tea in China.

Well, I didn't think it was about _ME_ using it ... I thought it was about
proving me wrong :-)  But if it worked fine, I would probably port it from
Heimdal to MIT.

(According to a just-received email from Howard Chu, mmap'd regions are
dropped on exec; I have not verified that myself, but assuming he is
correct then that means it's not useable without a shared file descriptor
or some other coordination mechanism).

--Ken