gss_cred_id_t from keytab after fork without exposing keytab?
Michael B Allen
mba2000 at ioplex.com
Tue May 30 12:36:09 EDT 2006
Can someone recommend a method for providing an unpriviledged child
process with a gss_cred_id_t derived from a keytab but without exposing
the key to the child?
Specifically, I have a service that starts out as root and forks a
child. The child then changes it's uid/gid to an unpriviledged user,
does gss_init_sec_context, and then performs user defined work until
the service is stopped (meaning it could be running indefinitely).
As it is, if I simply putenv("KRB5_KTNAME=/var/lib/test/test.keytab")
the keytab file must be readable by the unpriviledged user. I don't
think I care if they have a ticket but with the raw key they could
decrypt network traffic and do generally evil things.
Any ideas?
Thanks,
Mike
More information about the Kerberos
mailing list