
Re: Running kdc as unprivileged user



On 7 Nov 2006, at 13:10, Jacob Yocom-Piatt wrote:

> the port being privileged is not too big a problem, but you would
> likely have to code the privilege dropping behavior. an example that
> immediately comes to mind is chroot-ed apache.
>
> are there any good arguments against chroot-ing heimdal? it does not
> run chroot-ed by default on openbsd.

What's the point of chroot and still giving the kdc process access to
all the users' keys?

If you want to protect the machine chroot/ch-uid makes sense, if you
are talking about more layers to protect your long term keys.

To do the latter, you need to split the kdc into at least two parts. If
this is done, the backend/priv'ed should also do the database handling
to avoid all the funny database corruption that happens with Berkeley DB
whether you do locking or not. Also iprop and last-login, failed login
should be pushed into this beast.

Love
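
The two-part split described in the reply above, as an added sketch that is not part of the original message and is not Heimdal code: a backend process is the only one that loads key material, and the network-facing front-end can only ask it to seal data for a named principal. All function names, the JSON request format and the sample key are constructed for illustration, and HMAC stands in for encrypting a ticket under the long-term key.

```python
import hashlib, hmac, json, os, socket

def load_constructed_db():
    # Constructed sample key. A real backend would open the KDC database
    # here, from a file the front-end's uid cannot read.
    return {"alice@EXAMPLE.ORG": b"constructed-key-alice"}

def backend_loop(chan):
    """Backend half: the only process that ever holds key bytes."""
    db = load_constructed_db()
    for line in chan:
        req = json.loads(line)
        key = db.get(req.get("principal"))
        if req.get("op") == "seal" and key is not None:
            # HMAC stands in for encrypting a ticket under the long-term key.
            tag = hmac.new(key, req["data"].encode(), hashlib.sha256).hexdigest()
            resp = {"ok": True, "tag": tag}
        else:
            resp = {"ok": False}  # there is no "dump" or "get key" operation
        chan.write(json.dumps(resp).encode() + b"\n")
        chan.flush()

def start_split_kdc():
    """Fork the backend; return (pid, channel) for the front-end."""
    front, back = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        front.close()
        try:
            backend_loop(back.makefile("rwb"))
        finally:
            os._exit(0)
    back.close()
    # A real front-end would bind port 88, then chroot() and drop its uid here.
    chan = front.makefile("rwb")
    front.close()  # the socket stays open until chan is closed
    return pid, chan

def ask(chan, op, principal, data=""):
    """Front-end side: network-facing code can only send requests."""
    req = {"op": op, "principal": principal, "data": data}
    chan.write(json.dumps(req).encode() + b"\n")
    chan.flush()
    return json.loads(chan.readline())

def stop(pid, chan):
    chan.close()  # EOF on the channel ends backend_loop
    os.waitpid(pid, 0)
```

Because the front-end never calls load_constructed_db(), chroot-ing or changing uid in that half confines a process that has no keys to lose, and the backend's request set is the only remaining path to them.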