[20311] in Kerberos_V5_Development
Re: Not building kcpytkt/kdeltkt
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Wed Aug 4 13:34:53 2021
Message-ID: <202108041734.174HYNgL020285@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Robbie Harwood <rharwood@redhat.com>
In-Reply-To: <jlgfsvp5du5.fsf@redhat.com>
MIME-Version: 1.0
Date: Wed, 04 Aug 2021 13:34:20 -0400
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>> But the fact that krb5_cc_remove_cred() is used by Samba suggests to me
>> that kdeltkt might be useful on other platforms, especially if you're
>> using a Windows DC?
>
>I don't think that follows. krb5's API covers a much wider range of
>functionality than the CLI does. There needs to be a stronger case than
>"might be useful" to ship something.
I guess I was thinking of what I would call the next logical steps:
- Samba has found it useful to be able to delete a specific service ticket
from a credential cache when communicating with a Windows DC, to the
point where the functionality was added to a number of credential
caches.
- People who are using MIT Kerberos directly with a Windows DC also might
find it useful to delete a specific service ticket from a credential cache,
for the same reasons that Samba finds it useful.
If my logic is wrong or not compelling enough, fair enough.
--Ken
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
