[OpenAFS] "reauth" code?
Brandon Allbery
allbery.b@gmail.com
Thu, 23 Aug 2012 18:39:31 -0400
On Thu, Aug 23, 2012 at 6:30 PM, Russ Allbery <rra@stanford.edu> wrote:
> reauthentication. (One of the reasons why I'll probably implement it
> anyway is that storing the password in memory is probably still more
> secure than creating a keytab file on disk.)
FWIW, trick used in CMU SCS (and adopted in ECE) used kernel memory instead
of user, by stashing it in a pipe when not in use. Read in, use, write to
pipe, wipe program storage; read back in from pipe and repeat to reauth.
--
brandon s allbery allbery.b@gmail.com
wandering unix systems administrator (available) (412) 475-9364 vm/sms
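
An added example, not part of the original message and not the CMU or OpenAFS code: a minimal C sketch of the pipe stash described above, where the secret sits in the kernel's pipe buffer between uses and the process's own copy is wiped after each use. The names `stash_open`, `stash_put`, `reauth_cycle`, `demo_use` and the 256-byte limit are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define STASH_MAX 256   /* assumed cap; below POSIX's minimum PIPE_BUF of 512 */
static int stash_fd[2] = { -1, -1 };

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Create the pipe and keep both ends from leaking across exec(). */
int stash_open(void) {
    if (pipe(stash_fd) != 0) return -1;
    fcntl(stash_fd[0], F_SETFD, FD_CLOEXEC);
    fcntl(stash_fd[1], F_SETFD, FD_CLOEXEC);
    return 0;
}

/* "Write to pipe, wipe program storage": the caller's copy is always wiped. */
int stash_put(char *secret, size_t len) {
    if (len == 0 || len > STASH_MAX) { wipe(secret, len); return -1; }
    ssize_t n = write(stash_fd[1], secret, len);
    wipe(secret, len);
    return n == (ssize_t)len ? 0 : -1;
}

/* "Read back in from pipe and repeat": read in, use, write back, wipe. */
int reauth_cycle(int (*use)(const char *, size_t)) {
    char buf[STASH_MAX];
    ssize_t n = read(stash_fd[0], buf, sizeof buf);
    if (n <= 0) return -1;
    int rc = use(buf, (size_t)n);
    if (stash_put(buf, (size_t)n) != 0) rc = -1;   /* stash_put wipes buf */
    return rc;
}

/* Hypothetical stand-in for the real authentication call; returns the length seen. */
int demo_use(const char *secret, size_t len) { (void)secret; return (int)len; }

int main(void) {
    char pw[STASH_MAX] = "constructed-password";   /* constructed sample value */
    if (stash_open() != 0 || stash_put(pw, strlen(pw)) != 0) return 1;
    printf("cycle 1: %d, cycle 2: %d\n", reauth_cycle(demo_use), reauth_cycle(demo_use));
    return 0;
}
```

The secret is still present in process memory for the duration of each `use` call, and any process holding the pipe's read descriptor can drain it, which is why both ends are marked close-on-exec.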