[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd with SASL

> From:    Luke Howard <lukeh@PADL.COM>
> To:      kurt@OpenLDAP.org

> One thing we found when Kerberizing NetInfo (many years ago,
> mind you) is that the Kerberos client libraries didn't provide
> a mechanism to refresh the credentials cache (similar
> circumstances: NetInfo was acting as a Kerberos V client
> for repliation purposes).

This fact makes kerberized slurpd ineffective if we have to run it
under reauth or the like.  I've found for the most part that kerberized
applications need knowledge of the underlying authentication
architecture.  Now functional way around it.