[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: thoughts/comments on renewal/revocation/cleanup



Derrick J Brashear writes:
> >  Hmm.  That's a hard one.  In the current framework, I'd argue the "right
> >  way" is to get the tokens and tickets twice.  Once in the authentication
> >  phase, and again the session management phase, and to destroy the
> >  tickets and tokens at the end of the authentication phase.  This is ugly
> >  and inefficient, but I don't see a better way of doing things.  
>
> Right now I do something like that. I get them in the auth phase,
> and stuff them away for later in pam variables and destroy them. No
> matter what, though,
>
> I can't figure out how to avoid the problem of ending up with them
> laying around in some scenario... unless I use a cleanup function of
> some sort which cheats badly. I may do that.

What is so bad about using pam_set_data() and a cleanup() function?
Why is this cheating?  I am under the impression that this is exactly
the reason that these functions are part of the API.

Regards

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []