
Re: special principals handling



Brandon S. Allbery KF8NH wrote:
> 
> On Feb 1, 2008, at 9:14 , Guillaume Rousse wrote:
> 
>> Second, our usual policy is to grant admins all authorisations with
>> their standard accounts (through sudo, or ldap group ACLs, for
>> instance), so as to avoid keeping track of shared passwords. It seems
>> the usual kerberos practice is to create an additional principal with an
>> 'admin' instance for admins, but this constitutes two different accounts.
>> Is there any way to automatically sync 'foo@REALM' with
>> 'foo/admin@REALM' for this purpose ? Or is it really a bad practice to
>> grant all powers to 'foo@REALM' ?
> 
> Minimal privilege is a very good idea in general, to help avoid mistakes
> and to make it easier to test things (if your normal account has full
> privileges, you have to use someone else's account to test and debug
> privilege/permission-related issues).  This is also why it's a bad idea
> to do everything on Unix as root or on Windows as Administrator, etc.
But using a single privileged entity for a group of people requires
sharing secrets (aka root password), which is also a bad idea, and doesn't
allow individual action traceability. Sudo is the perfect tool for
allowing controlled privilege escalation without duplicating accounts.
I'm just trying to achieve the same here with kerberos if possible.
Forcing foo/admin principal passwd to be synced with foo principal would
be a solution, for instance.


-- 
Guillaume Rousse
Moyens Informatiques - INRIA Futurs
Tel: 01 69 35 69 62