Re: MEMORY credential cache interop between Heimdal and MIT?

On Wed, Aug 15, 2007 at 04:19:06PM -0400, Michael B Allen wrote:
> This is actually a fundamental problem with authentication mechanisms in
> general. It gets into the issue of how to manage credentials. Currently
> Kerberos uses disk files. That is clumsy and in some cases downright
> insecure. I have personally concluded that the proper solution is for
> the OS to provide a secure storage mechanism where a library can put
> arbitrary data that can be accessed using a key such as a simple number
> or preferably a string (e.g. 'krb5:MEMORY:') that may be accessed ONLY
> by the same pid or by a descendant (i.e. the storage is inherited).
> I'm not sure if this can be done entirely in userspace but if it could
> that would be an interesting project. Then you could have MEMORY: ccache
> and keytab interoperability and get around a lot of ugly environment
> variable / file hacks.

It's trivial to do in userspace; mmap MAP_ANON|MAP_SHARED regions are
accessible only to related processes.  But everyone who wants to touch
the region will have to be a descendant of the process that created it,
so that process will have to be in the login path somewhere.  Still,
this can accommodate even abominations like AFS PAGs without need for
any kernel support, AFAICT.
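
The inherited-region mechanism described in the reply above, as an added example that is not code from the original thread: a parent creates a MAP_ANON|MAP_SHARED mapping, stores a constructed placeholder entry, and a forked child reads it and writes back through the same pages. The function name, sizes, offsets and sample strings are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose MAP_ANON on glibc under strict -std modes */
#endif
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define REGION_SIZE 4096
#define REPLY_OFF   2048    /* hypothetical slot the child writes into */
static const char SAMPLE[] = "constructed-placeholder-ticket"; /* not a real credential */

/* Returns 0 if a forked child can read what the parent stored in the
 * region and the parent can read what the child wrote back. */
int inherited_region_roundtrip(void)
{
    /* No file and no name: a process holds this mapping only by inheriting it. */
    char *region = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE,
                        MAP_ANON | MAP_SHARED, -1, 0);
    if (region == MAP_FAILED)
        return -1;
    memcpy(region, SAMPLE, sizeof SAMPLE);      /* parent stores the entry */

    pid_t pid = fork();
    if (pid < 0) {
        munmap(region, REGION_SIZE);
        return -1;
    }
    if (pid == 0) {
        /* Child: same physical pages, so the parent's data is visible. */
        if (memcmp(region, SAMPLE, sizeof SAMPLE) != 0)
            _exit(1);
        strcpy(region + REPLY_OFF, "updated-by-child"); /* MAP_SHARED: parent sees this */
        _exit(0);
    }

    int status = 0, rc = -1;
    if (waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        strcmp(region + REPLY_OFF, "updated-by-child") == 0)
        rc = 0;
    memset(region, 0, REGION_SIZE);             /* scrub before releasing the pages */
    munmap(region, REGION_SIZE);
    return rc;
}

int main(void) { return inherited_region_roundtrip() == 0 ? 0 : 1; }
```

The mapping is inherited across fork() but is discarded by execve(), so a descendant that execs a new program no longer has the region and needs some other hand-off.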