GSSAPI Proxy initiative

Nico Williams nico at
Thu Nov 3 16:53:12 EDT 2011

On Thu, Nov 3, 2011 at 3:39 PM, Trond Myklebust
<Trond.Myklebust at> wrote:
>> What I had in mind was something like PAGs or keyrings.  Or, to be
>> much more specific, search for my name and the string "credentials
>> process groups" -- a PAG on steroids.
>> The idea is that the IPC peer can observe the other's
>> PAG/keyring/CPG/whatever and use that to find the correct credentials
>> (authorization is still required though).
> Linux already has per-user, per-process and per-thread keyrings which
> offer a high security storage solution for keys. The problem with those
> is that they are difficult to use in an asynchronous context when the
> original user's process/thread context is no longer available to us.

For async IPC methods you'd want something like SCM_CREDENTIALS to
give you the keyring/PAG/whatever information you need abou thte peer.
 The ancillary data should be complete enough that you can past the
client process/thread being dead, although it's nice to not have to
process a request from a dead entity...

For sync IPC you need something like door_ucred().  And for sync IPC
you can make sure to get SIGCANCEL or equivalent when the client gets
canceled (this is the default in doors).

> Ideally, though, that's what we'd like to see used.



More information about the krbdev mailing list