[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MEMORY credential cache interop between Heimdal and MIT?

On Wed, 15 Aug 2007 17:02:43 -0400
Thor Lancelot Simon <tls@panix.com> wrote:

> On Wed, Aug 15, 2007 at 04:19:06PM -0400, Michael B Allen wrote:
> >
> > This is actually a fundamental problem with authentication mechanisms in
> > general. It get's into the issue of how to manage credentials. Currently
> > Kerberos uses disk files. That is clumsy and in some cases downright
> > insecure. I have personally concluded that the proper solution is for
> > the OS to provide a secure storage mechanism where a library can put
> > arbitrary data that can by accessed using a key such as a simple number
> > or preferably a string (e.g. 'krb5:MEMORY:') that may be accessed ONLY
> > by the same pid or by a descendant (i.e. the storage is inherited).
> > 
> > I'm not sure if this can be done entirely in userspace but if it could
> > that would be an interesting project. Then you could have MEMORY: ccache
> > and keytab interoperability and get around a lot of ugly environment
> > variable / file hacks.
> It's trivial to do in userspace; mmap MAP_ANON|MAP_SHARED regions are
> accessible only to related processes.  But everyone who wants to touch
> the region will have to be a descendant of the process that created it,
> so that process will have to be in the login path somewhere.  Still,
> this can accomodate even abominations like AFS PAGs without need for
> any kernel support, AFAICT.

Hi Thor,

Actually what I was trying to think of was something that restricted
access to the named credential store to only code that has access to a
secret key. That could be used to implement a number of useful features
(e.g. passing the credential between processes that my not be in the
same process group). Some environments would not be able to guarantee
protecting they key (e.g. C based) but some could (e.g. Java has code
based protections).

But an mmap based solution would be a nice start (not sure it would even
need to be MAP_SHARED either).


Michael B Allen
PHP Active Directory Kerberos SSO