Linux kernel key retention
Kevin Coffman
kwc at citi.umich.edu
Mon May 1 21:52:24 EDT 2006
Fredrik,
I'm working on this in conjunction with Linux nfs-utils changes. As
it turns out, actually storing the ccache in the kernel keyring is not
*the* answer for NFS. It is helpful when process- or thread-level
credentials are needed for NFS access.
The essential thing the keyring will hold is a pointer to *the*
credentials to be used when creating the gss context. The actual
creds, for Kerberos, may live in a FILE: or KEYRING: credentials
cache. I'm working now on library routines to set/get the credentials
to be used. The keyring ccache code is basically complete, with a few
details to work out.
Contact me off-list (or on the linux-nfs list) for more details.
K.C.
On 5/1/06, Fredrik Tolf <fredrik at dolda2000.com> wrote:
> Hi list!
>
> I've been googling around a bit on this subject, not being able to find
> anything weighty. Are there current plans on implementing a ccache
> utilizing the key retention feature of the Linux kernel? Such a thing
> would really help, particularly for NFS with Kerberos RPCSEC.
>
> If there is such work going on, can anyone give a pointer to any
> information on it? If not, I should give it a try myself.
>
> Fredrik Tolf
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list