On 2013-03-08 18:14, Benjamin Kaduk wrote: > On Thu, 7 Mar 2013, Thomas Sondergaard wrote: > >> On 06-03-2013 23:25, Benjamin Kaduk wrote: >>> On Wed, 6 Mar 2013, Thomas Sondergaard wrote: >> >> A few follow-up questions: >> >> Is the maturity of kwf-4.0.1 lower than kfw-3.2.2? On krbcc32s.exe I >> believe the -k option works. > > Well, that depends both on what you mean by maturity and what you mean > by kfw. > Also, could you please point to where ccapiserver -k is documented? > ccapiserver is not intended to be run manually, so far as I know.
"ccapiserver -h" is how I found it. > >> Is kfw-4.0.1 substantially the same or kfw-3.2.2 or has it been >> rewritten? Can I trust it, is what I'm asking :-) > > KfW 3.2 is based off the krb5 1.6 codebase, with some windows-specific > bits like the Network Identity Manager and the krbcc32s.exe server. > KfW 4.0 is based off the krb5 1.10 codebase, with some > windows-specific bits like the MIT Kerberos Ticket Manager application > and its ccapiserver.exe. The krb5-1.10 codebase is mature and well > tested; the krb5-1.6 codebase is perhaps so mature so as to be stale > -- it is certainly no longer supported by the security team. > > The MIT Kerberos Ticket Manager application is based off the Leash > codebase which was used in KfW 2.6, but updated for compatibility with > modern versions of Windows and the Ribbon interface. The ccapiserver > for CCAPIv3 support is code that has not been previously released. > However, since you seem to not be using either the ticket manager > application or the ccapiserver, it would seem that for your purposes, > kfw-4.0.1 is mature and should be preferred. Excellent, that makes me more confident in moving forward with kfw-4.0.1 > >>> src/windows/installer/wix/custom/custom.cpp:KillRunningProcessesSlave() >>> is an existing routine which searches for and terminates other >>> processes. I don't think it's up to current Microsoft >>> recommendations for doing so, but it may be useful as an example if >>> you need a place to start. >> >> It it using the Process32First/Process32Next from the Tool Help >> Library. There is also the EnumProcesses API. Either will work if we >> just want to run through the processes and kill any process with the >> same executable file path as us (except we shouldn't kill ourselves >> :-)). Is that good enough? I think I can tinker that together, >> without too much trouble. > > That sounds okay to me; I could take a patch for this. The preferred > submission path is a github pull request to > https://github.com/krb5/krb5 but we can handle other submissions as well. Perhaps the -k switch should simply be removed from the usage text if it is not intended to be there. I couldn't find anything like it in the mac code (which I gather is where this project started). For my own purposes, I have discovered that I can avoid the ccapiserver and that the MEMORY: ticket cache will serve me best, so I don't really need ccapiserver at all. Thanks a lot for all your help - it made a difference. Thomas -- Thomas Søndergaard Technical R&D Manager Mobile: (+45) 5157 3090 Skype: tsondergaard Medical Insight A/S Krumtappen 4, Etage 3 2500 Valby Denmark _______________________________________________ kfwdev mailing list [email protected] http://mailman.mit.edu/mailman/listinfo/kfwdev
