[OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?
Henry B. Hotz
hotz@jpl.nasa.gov
Thu, 30 Aug 2007 00:08:55 -0700
On Aug 29, 2007, at 6:50 PM, Jeffrey Altman wrote:
> Henry B. Hotz wrote:
>> Also while setgroups() may not be sufficiently protected to
>> really satisfy the model, it's at least harder than setenv.
>
> I'm now confused. What are you trying to protect against?
I think I'll refuse to answer that (directly anyway) on the grounds
that I shouldn't have gone into as much detail as I already have.
The detail has already distracted some people from my main point.
The point of bringing up PAGs is that it's a pretty good model for
who *should* be able to access a credential. "Security" is the flip
side of that: everyone else *shouldn't* be able to access the
credential.
> Kerberos uses environment variables as one method of pointing
> an application at a specific credential cache. It doesn't
> have to be a FILE credential cache. It could be an API cache
> as on Windows or MacOS X, or an LSA cache on Windows, or a
> KEYRING cache on Linux, or one of any of the other credential
> cache types. Implementing a PAG credential cache is not
> necessarily going to eliminate the use of environment variables as a
> method of pointing the application at the PAG credential cache.
The point is not the ccache type per-se. The point is the semantics
of the model and the difficulty of breaking out of/in to the "PAG".
The FILE: ccache was just an example. I grant you that other, less
standard, types may do a much better job of implementing the model.
> Jeffrey Altman
>
> P.S. - I find it very interesting that this thread is now
> including OpenAFS when it still is not including MIT's Kerberos
> Developer's in the discussion.
Feel free to add them, especially if you think MIT might actually
devote some implementation resources. I'm not excluding anybody. I
added OpenAFS because I wanted to talk about PAGs and thought it
might spur some OpenAFS developer to contribute.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu