[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?

On Aug 29, 2007, at 6:50 PM, Jeffrey Altman wrote:

> Henry B. Hotz wrote:
>> Also while setgroups() may not be sufficiently protected to
>> really satisfy the model, it's at least harder than setenv.
> I'm now confused.  What are you trying to protect against?

I think I'll refuse to answer that (directly anyway) on the grounds  
that I shouldn't have gone into as much detail as I already have.   
The detail has already distracted some people from my main point.

The point of bringing up PAGs is that it's a pretty good model for  
who *should* be able to access a credential.  "Security" is the flip  
side of that:  everyone else *shouldn't* be able to access the  

> Kerberos uses environment variables as one method of pointing
> an application at a specific credential cache.  It doesn't
> have to be a FILE credential cache.  It could be an API cache
> as on Windows or MacOS X, or an LSA cache on Windows, or a
> KEYRING cache on Linux, or one of any of the other credential
> cache types.  Implementing a PAG credential cache is not
> necessarily going to eliminate the use of environment variables as a
> method of pointing the application at the PAG credential cache.

The point is not the ccache type per-se.  The point is the semantics  
of the model and the difficulty of breaking out of/in to the "PAG".

The FILE: ccache was just an example.  I grant you that other, less  
standard, types may do a much better job of implementing the model.

> Jeffrey Altman
> P.S. - I find it very interesting that this thread is now
> including OpenAFS when it still is not including MIT's Kerberos
> Developer's in the discussion.

Feel free to add them, especially if you think MIT might actually  
devote some implementation resources.  I'm not excluding anybody.  I  
added OpenAFS because I wanted to talk about PAGs and thought it  
might spur some OpenAFS developer to contribute.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu