KIM Favorite Identities Overview

Introduction

As Kerberos becomes more widespread, the number of possible Kerberos identities and realms a user might want to use will become very large. Sites may list hundreds of realms in their Kerberos configuration files. In addition, sites may wish to use DNS SRV records to avoid having to list all the realms they use in their Kerberos configuration. As a result, the list of realms in the Kerberos configuration may be exceedingly large and/or incomplete. Users may also use multiple identities from the same realm.

On platforms which use a GUI to acquire credentials, the KIM would like to to display a list of identities for the user to select from. Depending on what is appropriate for the platform, identities may be displayed in a popup menu or other list.

To solve this problem, the KIM maintains a list of favorite identities specifically for identity selection. This list is a set of unique identities in alphabetical order (as appropriate for the user's language localization).

On most platforms the list of favorite identities has both an administrator preference and a user preference which overrides it. The administrator preference exists only to initialize the favorite identities for new user accounts. Once the user modifies the list their favorite identities may diverge from the site favorite identities preference.

Note:

The location of user preferences and the semantics of preference synchronization is platform-specific. Where possible KIM will use platform-specific preference mechanisms.

Most callers will not need to use the favorite identities APIs. However if you are implementing your own graphical prompt callback or a credential management application, you may to view and/or edit the user's favorite identities.

Viewing and Editing the Favorite Identities

First, you need to acquire the Favorite Identities stored in the user's preferences using kim_preferences_create() and kim_preferences_get_favorite_identities(). Or you can use kim_favorite_identities_create() to get an empty identities list if you want to overwrite the user's identities list entirely. See KIM Preferences Overview for more information on modifying the user's preferences.

Then use kim_favorite_identities_get_number_of_identities() and kim_favorite_identities_get_identity_at_index() to display the identities list. Use kim_favorite_identities_add_identity() and kim_favorite_identities_remove_identity() to change which identities are in the identities list. Identities are always stored in alphabetical order and duplicate identities are not permitted, so when you add or remove a identity you should redisplay the entire list.

Once you are done editing the identities list, store changes in the user's preference file using kim_preferences_set_favorite_identities() and kim_preferences_synchronize().

See KIM Favorite Identities Documentation for information on specific APIs.

---