The right way to kerberize a trinary service...

Everette Gray Allen Everette_Allen at ncsu.edu
Wed Dec 3 11:19:27 EST 2003


I hope this is the right place to ask a question about kerberizing a 
"service".  The problem is very much like ticket forwarding or proxy 
authentication with a timing twist. Note using V5 tickets only.
The setup involves 3 processes: an application in users' space which will 
get a service ticket, a background, processing daemon (on the same 
machine but not running as any of the users) which will process data 
from the application potentially long after the user has logged out (but 
before the ticket expires) and a sending program which will use the 
service ticket to submit this processed data to a remote machine using 
an established kerberized service.  So data from multiple users is being 
processed on the local box by a daemon which is not any of the users but 
the processed output for each user must be sent to the remote service 
using that user's sgt.
Further constraints:
a) I can only change the code for my application and the sending program.
b) I can not control when the sending program runs (depends on how much 
processing is done).
c) The daemon can not fork per user.
d) I do not want to cache the service ticket using the file system (I 
actually already have that model working).

If the processing daemon were on a remote server (and the source code 
was available) running all the time then I would just use forwardable 
tickets and be done.  But since 1) the daemon is local, and 2) the 
process that needs to send the data as the users is not running at the 
same time as the user application then I can't fake it with "localhost 
forwarding".

What I can do is pass either a text or binary "blob" in an options block 
from my application to the daemon who will then just hand it to my 
sending process when it is called.  My question is how to package the 
sgt so it can make the trip and be usable?  I really don't know enough 
about how forwardable or proxy tickets are meant to be used or how to 
reasonably "loan" tickets to local processes I want to trust.

I understand all the reasons this can be bad, insecure, etc and I don't 
want to discuss those.  I want to discuss how I might accomplish what is 
outlined or what alternatives there might be, given the constraints. 
Pointers to examples of code that forwards sgts would be great!

-- 
Everette Gray Allen		Systems Programmer II
ITD Computing Services	Macintosh Support Specialist
2620 Hillsborough St, Campus Box 7109
Raleigh, NC 27695-7109
919-515-4558		Everette_Allen at ncsu.edu