[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)
Tomas Olsson
tol@stacken.kth.se
13 Jul 2004 16:52:39 +0200
Derek Atkins <warlord@MIT.EDU> writes:
> lpr, sendmail, or other apps that are setuid for local storage but
> need access to your credentials to talk to a network server?
>
Yup.
The jail property of PAGs is interesting too. Is it a requirement (why?) or
just a side effect? Currently, you probably need to use a chroot jail too,
since there are usually tickets in /tmp. Or is that just until the keyrings
get in place and the krb5cc goes into the kernel?
/Tomas (merry-go-round)