Kevin Koch wrote:
> I've outlined the main parts of the Windows CCAPI design for your reading
> enjoyment at http://web.mit.edu/kpkoch/Public/CCAPI-Windows-Design.html.

Kevin:

This is not a criticism of your proposal.  At the time the decision was
made to implement another "per-session credential server" there was no
CCAPI implementation compatible with 64-bit Windows and the expectation
was that this CCAPI implementation would be delivered in January 2008. 
Given that there is now 64-bit CCAPI support for the existing service,
what is the benefit of pursuing another "per-session implementation"
when it is known that a per-machine service implementation is eventually
required in order to support Vista UAC sessions and separation of
privileges between NT Services all running under the SYSTEM account?

I am concerned that a Vista UAC compatible CCAPI service will not be
until 2009 or beyond.   Perhaps you could evaluate whether or not the
per-machine solution could be completed before the anticipated release
of Kerberos v5 1.7 in the second half of 2008.

Jeffrey Altman


_______________________________________________
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
