[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MEMORY credential cache interop between Heimdal and MIT?

On Aug 29, 2007, at 2:43 PM, Howard Chu wrote:

> It sounds like you're happy with the inheritance model and don't  
> need anything else. But again, your assertion that strict  
> inheritance in the implementation guarantees secure usage is false.

"I'm happy with the inheritance model and don't need anything  
else."  ;-)  I could be convinced it's not good enough, but I'd need  
a good use case.

Don't confuse my assertion of what the properties *should* be with an  
assertion that it's what they really are for a real implementation.   
Likewise w.r.t. whether the intended properties are really sufficient  
for security in any specific real environment.

My point was that the PAG model is superior to Kerberos's FILE:  
ccache model.  Also while setgroups() may not be sufficiently  
protected to really satisfy the model, it's at least harder than setenv.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu