[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM_KRB5 and getpwnam() (was Re: pam_crypt module will change the world)



On Thu, Apr 19, 2001 at 11:09:22AM -0500, Steve Langasek wrote:
> On Wed, 18 Apr 2001, Nicolas Williams wrote:
> 
> Choose a secure default value for the cache permissions, yes.  If there's no
> associated local user, give the cache file mode 0600 and leave it owned by the
> euid of the application.

Doesn't the krb5 cc lib do that already?

> Suppose I have a web application that does Kerberos+AFS authentication using
> PAM.  The webserver is never going to have sufficient permissions to chown
> the file anyway, so having a local user associated with the Kerberos principal
> isn't terribly important; but having pam_sm_setcred() correctly create &
> destroy the ccache makes all the difference if the web app tries to access
> AFS.

Right.

> > I think we might want to make such behaviour optional.
> 
> Too many options :)  Is there ever a case where doing setcred() for a
> non-local user and just not chowning the cache would be detrimental to
> security?

:)

Ok. If setcred() gets called it means the app wants to init creds even
though there's no Unix user -- the sysadmin can always specify the
noccache option with such services.

[...]

> Steve Langasek
> postmodern programmer



Nico
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []