GSSAPI Proxy initiative
Nico Williams
nico at cryptonector.com
Thu Nov 3 16:53:12 EDT 2011
On Thu, Nov 3, 2011 at 3:39 PM, Trond Myklebust
<Trond.Myklebust at netapp.com> wrote:
>> What I had in mind was something like PAGs or keyrings. Or, to be
>> much more specific, search for my name and the string "credentials
>> process groups" -- a PAG on steroids.
>>
>> The idea is that the IPC peer can observe the other's
>> PAG/keyring/CPG/whatever and use that to find the correct credentials
>> (authorization is still required though).
>
> Linux already has per-user, per-process and per-thread keyrings which
> offer a high security storage solution for keys. The problem with those
> is that they are difficult to use in an asynchronous context when the
> original user's process/thread context is no longer available to us.
For async IPC methods you'd want something like SCM_CREDENTIALS to
give you the keyring/PAG/whatever information you need abou thte peer.
The ancillary data should be complete enough that you can past the
client process/thread being dead, although it's nice to not have to
process a request from a dead entity...
For sync IPC you need something like door_ucred(). And for sync IPC
you can make sure to get SIGCANCEL or equivalent when the client gets
canceled (this is the default in doors).
> Ideally, though, that's what we'd like to see used.
Agreed!
Nico
--
More information about the krbdev
mailing list