
Re: MEMORY credential cache interop between Heimdal and MIT?



>Of course there's a flaw in both this daemon idea and in Michael's ioctl idea - 
>if a process's parent exits, the child becomes owned by process 1, so you can't 
>rely on walking up the process tree to find a parent ccache. The only sure 
>thing is descriptor inheritance, and that only works if a particular process 
>doesn't stomp on the descriptor before spawning any children.

In practice this is the real problem with inheriting descriptors across
a session.  There are a number of tricks you can do to help prevent
processes from closing the descriptor you care about, and they mostly
work.  But I think the only real solution in the long run is something
that uses a kernel-based facility.  Linux keyrings are an example of
something you could use; I am not sure if other operating systems have
similar things.

--Ken
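
The two behaviours discussed in this message, shown as an added example that is not part of the original post or of either Kerberos implementation: a child whose parent exits no longer has that parent to walk up to, while a descriptor it inherited stays usable. The pipe standing in for a credential cache, the constructed ticket bytes, and the name `orphan_ccache_demo` are assumptions made for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for credential bytes held in a descriptor-backed cache. */
static const char TICKET[] = "constructed-ticket-bytes";

/* Returns a bitmask reported by the orphaned grandchild, or -1 on error:
 *   bit 0 (1): getppid() no longer names the process that spawned it
 *   bit 1 (2): the inherited descriptor still yields the cached bytes */
int orphan_ccache_demo(void)
{
    int cc[2], report[2];
    if (pipe(cc) < 0 || pipe(report) < 0) return -1;
    if (write(cc[1], TICKET, sizeof TICKET) != (ssize_t)sizeof TICKET) return -1;
    close(cc[1]);

    pid_t session = fork();
    if (session < 0) return -1;
    if (session == 0) {
        pid_t me = getpid();
        pid_t kid = fork();
        if (kid != 0) _exit(0);      /* session process exits, orphaning kid */
        close(report[0]);
        /* Wait (up to about 5 s) until the kernel has reparented us. */
        for (int i = 0; i < 500 && getppid() == me; i++) poll(NULL, 0, 10);
        unsigned char result = 0;
        char buf[64] = {0};
        if (getppid() != me) result |= 1;          /* process-tree walk is now useless */
        if (read(cc[0], buf, sizeof buf) == (ssize_t)sizeof TICKET &&
            memcmp(buf, TICKET, sizeof TICKET) == 0) result |= 2;
        if (write(report[1], &result, 1) != 1) _exit(1);
        _exit(0);
    }
    close(cc[0]); close(report[1]);
    waitpid(session, NULL, 0);
    unsigned char result = 0;
    ssize_t n = read(report[0], &result, 1);       /* blocks until the orphan reports */
    close(report[0]);
    return n == 1 ? result : -1;
}

int main(void)
{
    int r = orphan_ccache_demo();
    printf("reparented=%d descriptor_readable=%d\n", r > 0 && (r & 1), r > 0 && (r & 2) != 0);
    return r == 3 ? 0 : 1;
}
```

If any process in the chain had closed `cc[0]` before forking, the second bit would be lost, which is the descriptor-stomping failure the quoted text describes.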