Keytab-based initiator creds design

Nico Williams nico at cryptonector.com
Tue Jun 12 17:14:40 EDT 2012


On Tue, Jun 12, 2012 at 3:49 PM, Henry B. Hotz <hotz at jpl.nasa.gov> wrote:
> If the UI for changing default cc's were as good as the UI for PAGs I'd have more sympathy for that viewpoint.  I want a "give me a new default cc, I don't care what you call it" operation.  I want a "pop" operation that destroys the current default cc and restores the previous one.
>
> And I want multiple ssh logins to always have different cc's.  I'm perplexed as to why this use case seems to be considered as an edge case instead of the primary use case.

What I'm saying is that I want something more than PAGs, and something
less also.  I want two things:

 - better identity selection interfaces (krb5_cc_select() is a good
step forward)

 - sessions (PAGs and PAG-like) with some isolation semantics

The former should be enough for most users' needs and can be addressed
in a GSS/Kerberos library without any help from the system.

The latter is much more systemic.  Think of the Android and iOS
application model, where the same user's many apps are isolated from
one another and limited to user-initiated communication where the user
says "share this object with that app".  Windows 8 has something like
this.  Unix doesn't, or can, if you use MAC.  But the point is that
this list can't really help here, except by influencing participants
from OS vendors like Oracle and RedHat, but unless they already have
plans in this space, the deeply systemic nature of what I want is
unlikely to result any time soon.  Even just non-isolationist PAGs are
somewhat systemic, requiring gssd and such to know about them.

Nico
--



More information about the krbdev mailing list