[OpenAFS] Kerberos 5 cache in /tmp
Jeffrey Hutzelman
jhutz@cmu.edu
Thu, 08 Apr 2004 11:49:46 -0400
On Thursday, April 08, 2004 11:31:08 -0400 Ken Hornstein
<kenh@cmf.nrl.navy.mil> wrote:
>>> True. But that problem only occurs because the kernel code allows all
>>> memory to be read by "root". It would be nice if all OS's has a
>>> "protected store" memory area who's sections could only be mapped to
>>> each authenticated user. Don't ask me how...I just work here.
>>>
>>
>> Capabilities solve that problem.
>
> We were batting around the idea of working on a capability-based system
> last year. There is one glaring problem: all of the capability-based
> systems that are available today are all geared toward producing PhD
> thesis rather than actually being useful. I made the mistake once of
> trying to use somebody's PhD thesis software in a real application; I
> won't make that mistake again. As always, YMMV.
You use AFS, don't you?