[39592] in Kerberos
Re: interested in discussing some Kerberos improvements
daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Mar 31 12:18:25 2026
Date: Tue, 31 Mar 2026 11:16:54 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Message-ID: <acvzdnStz1eja7tF@ubby>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <202603310142.62V1gCdW028597@hedwig.cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, Mar 30, 2026 at 09:42:12PM -0400, Ken Hornstein via Kerberos wrote:
> >> Are you referring to the mode of kinit where it runs a command and keeps
> >> it supplied with fresh tickets? MIT Kerberos' kinit does not have that
> >> mode.
> >
> >Yes that's what I'm referring to. If it's not yet supported by the MIT
> >kinit, I would certainly recommend that it be added, it's very helpful.
>
> Can't speak for anyone else, but we use "k5start" for this.
IMO it should be a native feature of some tool in MIT Kerberos, but I
admit there are portability issues. Heimdal has a bunch of code to do
this on Unix and Windows, but it completely glosses over issues to do
with setting the process group of the child, handling signals correctly,
etc. So it makes some sense that the work of launching a child process
and monitoring its state should be done by another tool than kinit
itself if doing so simplifies things. Still, IMO the requesite
functionality can be isolated into well-designed utility library
functions, so it might be worth doing for MIT Kerberos.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
