logo_kerberos.gif

Release Meeting Minutes/2011-07-12

From K5Wiki
Jump to: navigation, search


Carlos Garay, Will Fiveash, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu

Android

Carlos
Oracle staff -- mobile devices?
Will
Was Sun employee. Probably not the best person to ask. Oracle not providing employees with Apple laptops. Lenovo, Dell, Windows-based. Sun provided employees with Macs.
Carlos
What apps do you use Kerberos to auth to?
Will
Changing from Sun practice.Sun IT was busy doing large rollout protecting NFS homedirs with Kerberos. KDCs deployed, etc. Kerberos-authenticated SSH sessions. Hardly anyone uses telnet.
Carlos
If I were to build Kerberos for Android, how should it look?
Will
Make it transparent to the user.

libss

Will
Last couple of weeks, a few Solaris 11 issues related to kadmin.local utility. They exec other commands. Trying to use roles-based authorization. Execution profile for users so they get elevated local privileges [when running kadmin: to install keytabs, etc.]. "bang"-shell escape. Those commands inherit privileges.
Tom
libss builtin?
Will
Yes. Someone enhanced Solaris kadmin with a pager.
Greg
Looks like the pager stuff is built into SS. list_requests invokes a pager.
Will
"pfexec". looks through profile information to decide whether user can exec a program.