[OpenAFS] Kerberos 5 cache in /tmp

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 08 Apr 2004 11:49:46 -0400

On Thursday, April 08, 2004 11:31:08 -0400 Ken Hornstein 
<kenh@cmf.nrl.navy.mil> wrote:

>>> True.  But that problem only occurs because the kernel code allows all
>>> memory to be read by "root".  It would be nice if all OS's has a
>>> "protected store" memory area who's sections could only be mapped to
>>> each authenticated user.  Don't ask me how...I just work here.
>> Capabilities solve that problem.
> We were batting around the idea of working on a capability-based system
> last year.  There is one glaring problem: all of the capability-based
> systems that are available today are all geared toward producing PhD
> thesis rather than actually being useful.  I made the mistake once of
> trying to use somebody's PhD thesis software in a real application; I
> won't make that mistake again.  As always, YMMV.

You use AFS, don't you?