IETF Logo Mail Archive

Re: [kitten] GSS-API and timeouts

Russ Allbery <rra@stanford.edu> Wed, 04 April 2012 22:18 UTC

Return-Path: <rra@stanford.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DCB511E8110 for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 15:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdngMrIjbHaS for <kitten@ietfa.amsl.com>; Wed, 4 Apr 2012 15:18:53 -0700 (PDT)
Received: from smtp.stanford.edu (smtp3.Stanford.EDU [171.67.219.83]) by ietfa.amsl.com (Postfix) with ESMTP id C58B211E80C2 for <kitten@ietf.org>; Wed, 4 Apr 2012 15:18:53 -0700 (PDT)
Received: from smtp.stanford.edu (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 84679441BB6 for <kitten@ietf.org>; Wed, 4 Apr 2012 15:18:52 -0700 (PDT)
Received: from windlord.stanford.edu (windlord.Stanford.EDU [171.67.225.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.stanford.edu (Postfix) with ESMTPS id 144A2441185 for <kitten@ietf.org>; Wed, 4 Apr 2012 15:18:52 -0700 (PDT)
Received: by windlord.stanford.edu (Postfix, from userid 1000) id CEF322F46D; Wed, 4 Apr 2012 15:18:51 -0700 (PDT)
From: Russ Allbery <rra@stanford.edu>
To: kitten@ietf.org
In-Reply-To: <87hawzjty8.fsf@latte.josefsson.org> (Simon Josefsson's message of "Wed, 04 Apr 2012 19:19:27 +0200")
Organization: The Eyrie
References: <87obr7lfqc.fsf@latte.josefsson.org> <1333554538.22628.292.camel__5672.95260630107$1333554546$gmane$org@willson.li.ssimo.org> <87hawzjty8.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
Date: Wed, 04 Apr 2012 15:18:51 -0700
Message-ID: <87y5qbnnsk.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [kitten] GSS-API and timeouts
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2012 22:18:54 -0000

Simon Josefsson <simon@josefsson.org> writes:

> Yeah, it is not optimal.  We could make it take a 'gss_ctx_id_t'
> parameter so the timeout is just for a particular context, but then
> there is no way to specify a timeout for the initial call that generate
> the gss_ctx_id_t.

The lack of ability to set options on the initial call has been a problem
for a long time.  In a Kerberos context, it currently means that one has
to set a per-thread global for the ticket cache to use, for example,
rather than attaching some state to a specific GSS-API interaction.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

v2.23.0 | Report a Bug | By Email