[Freeipa-devel] GSS-Proxy <-> TPM <-> PKCS#11 (silly idea)

Dmitri Pal dpal at redhat.com
Tue Mar 4 16:25:23 UTC 2014


On 03/04/2014 11:08 AM, Petr Spacek wrote:
> On 16.2.2014 13:22, Simo Sorce wrote:
>> On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote:
>>> Hello,
>>>
>>> I have got a silly idea to use TPM (Trusted Platform Module) as a
>>> backend for keytab storage (via GSS-Proxy).
>>>
>>> GSS-Proxy prevents the application from accessing key material, right? So
>>> GSS-Proxy could theoretically store keys in the TPM and the application
>>> wouldn't notice any difference, right?
>>>
>>> We have libraries for that in Fedora already:
>>> https://admin.fedoraproject.org/pkgdb/acls/name/trousers
>>>
>>>
>>> Even sillier idea is to use TPM as a PKCS#11 module:
>>> http://trousers.sourceforge.net/pkcs11.html
>>>
>>> I have no idea what the use case could be ... :-) Maybe as a
>>> "cache" for the PKCS#11 module in SSSD?
>>>
>>>
>>> As I said, it is just a silly idea.
>>>
>>
>> Open a ticket in the GSS-Proxy trac :)
>
> Is it a good topic for a bachelor/master thesis? We are going to send
> a list of topics for next year so we have a chance to add it.
>
> We are not going to touch this any time soon so it sounds like a good
> idea to me.
>
I am not sure. Sounds like a lot of work with questionable results...

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
