[OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

Henry B. Hotz hotz@jpl.nasa.gov
Wed, 29 Aug 2007 18:36:49 -0700


On Aug 29, 2007, at 2:43 PM, Howard Chu wrote:

> It sounds like you're happy with the inheritance model and don't  
> need anything else. But again, your assertion that strict  
> inheritance in the implementation guarantees secure usage is false.

"I'm happy with the inheritance model and don't need anything  
else."  ;-)  I could be convinced it's not good enough, but I'd need  
a good use case.

Don't confuse my assertion of what the properties *should* be with an  
assertion that it's what they really are for a real implementation.   
Likewise w.r.t. whether the intended properties are really sufficient  
for security in any specific real environment.

My point was that the PAG model is superior to Kerberos's FILE:  
ccache model.  Also while setgroups() may not be sufficiently  
protected to really satisfy the model, it's at least harder than setenv.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu