I reported an issue in 2006 for the Linux kernel with passing file descriptors over unix domain sockets (UDS):

[...] a file descriptor, once put into a UNIX domain socket would not be considered by the kernel when the according resource was being closed. If the handle was taken "out of the UDS" after the resource already has been closed than the handle appeared to represent a resource that was no longer valid.

Well, after three years I decided to check, whether this issue is still present in a current kernel (Ubuntu Karmic). It is not. The kernel now handles this scenario correctly: if the only reference to the descriptor is within the UDS (ie: sendmsg(fd), close(fd) but noone called recvmsg(fd) just yet) then the handle is still being accounted for. Thus, after the descriptor is retrieved from the UDS it points to a valid resource (like a still open TCP connection).

I've been busy with other things lately, the next release will take a few more days. The initial LUA integration is almost complete but also needs a bit more polish in some places. I just did an intermediary check-in to the source repository; in case you want to take a peek: http://tokentube.svn.sourceforge.net/viewvc/tokentube?view=rev&revision=27

The next release of TokenTube is just a few days away and will feature LUA integration. Configurable/editable LUA scripts will be used for things like:

• LUKS key loading (with predefined implementations for local file loading and also key retrieval via xmlrpc),
• challenge response for helpdesk aided key recovery during PBA and
• other cool stuff yet to be conceived.

It is also quite possible that the next release will contain support for the current GNOME greeter mechanism (automatic user login on Karmic).