
Re: [OpenAFS-devel] Re: MEMORY credential cache interop between Heimdal and MIT?




On Aug 30, 2007, at 12:39 AM, u+openafsdev-sr55@chalmers.se wrote:

> Hi,
>
> I happen to have an opinion,
> based on years with AFS, DCE/DFS and Coda, fwiiw.

Everyone's entitled to an opinion as long as they realize they're  
wrong if they disagree with mine.  ;-)

> On Wed, Aug 29, 2007 at 02:08:48PM -0700, Henry B. Hotz wrote:
>> (Process Authentication Group) problem the same way we solve the
>> secure credential cache problem.  PAGs have better semantics than any
>> extant Kerberos ccache implementation.
>
> This is a questionable statement.

Of course it is.  It's my opinion.  ;-)

> PAGs are supposed to be handy, but they contradict the basic *nix design,
> which is built around uid as the main credential.
> So they are controversial by nature.

The basic *nix design was oriented toward single multiuser machines.   
The uid is completely useless as a credential for accessing network  
resources.  Perhaps PAGs contradict the design, but that's because  
the design is not applicable.  Obviously that has user-visible  
effects, but I see no issue there except that the user needs to learn  
the difference.  (Or are you proposing that Unix should be updated to  
use a network-verifiable identity in place of the uid?)

> They create lots of confusion, are not as isolating as one might believe
> and eventually reduce security as they are breaking the borders
> of security domains (switching uids while inheriting rights or vice versa).

I agree that the scoping mismatch between uids and PAGs is a
security issue.  Likewise the scoping mismatch between PAGs and
<pick one> Kerberos credential caches is an issue.  Please propose
what you think the model should be, but if you say Unix uids then I
strenuously disagree.  I happen to think the process inheritance tree
is a good scope to use, as I described in my post.

How easy/hard that is to break is an implementation issue that I  
would discuss in terms of how well the PAG model was implemented.  As  
others have noted there will always be gaps and holes.  In fact I  
would go one farther and say that Goedel's Theorem absolutely  
guarantees there will be gaps and holes, regardless of what model you  
use.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu