[OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Henry B. Hotz
hotz@jpl.nasa.gov
Wed, 29 Aug 2007 18:36:49 -0700
On Aug 29, 2007, at 2:43 PM, Howard Chu wrote:
> It sounds like you're happy with the inheritance model and don't
> need anything else. But again, your assertion that strict
> inheritance in the implementation guarantees secure usage is false.
"I'm happy with the inheritance model and don't need anything
else." ;-) I could be convinced it's not good enough, but I'd need
a good use case.
Don't confuse my assertion of what the properties *should* be with an
assertion that it's what they really are for a real implementation.
Likewise w.r.t. whether the intended properties are really sufficient
for security in any specific real environment.
My point was that the PAG model is superior to Kerberos's FILE:
ccache model. Also while setgroups() may not be sufficiently
protected to really satisfy the model, it's at least harder than setenv.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu