> If we were to push the ccache into a separate daemon (like the LSA on Windows) then it would seem that the clients still need a way to prove to this daemon that they are authorized to gain access to the ccache entry. This would likely still involve the daemon learning the uid of the requesting process to know which ccache entry to allow access.
In Solaris we have a way to reasonably safely pass a UID between processes, but it seems like we're still back to UID based access controls. The main difference is elimination of relying on the file system permissions to perform the access controls instead now relying on this new daemon. Is this a significant improvement? > -----Original Message----- > From: Nicolas Williams [mailto:[EMAIL PROTECTED]] > Sent: 03 October 2001 20:31 > To: Paul B. Hill; [EMAIL PROTECTED] > Subject: Re: Ticket stored, accessed where? > > It would be nice if there were an agent-type ccache for Unix, much like > the ccapi one for Windows. Heck, the SSH ssh-agent could be a good place > to start, particularly in view of SSH's agent forwarding feature. > > Nico
