logo_kerberos.gif

Release Meeting Minutes/2011-08-23

From K5Wiki
Jump to: navigation, search


Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

Proxy GSS

Carlos
Proxy GSS in Java for Android. Privilege separation happens e.g. one Unix UID per application.
Tom
Proxy [...] need to do some privilege checking that kernel otherwise does for you.
Simo
A few key things: (1) How to handle permissions. How to know whether to give an application access to use a keytab.
Greg
Have to have a policy...
Greg
Almost all platforms can give you the UID of an IPC peer.
Simo
Not necessarily wanting to rely on UID.
Greg
Or use Unix file permissions.
Simo
e.g. different subdirectory per keytab.
Simo
(2) What do we want to proxy? Could proxy every mech or only individual mechs?
Greg
Doing individual message stuff in-process? [...] might be some mech that needs access to long-term private creds for the process to use an imported context.
Simo
Flag mech as proxiable?
Greg
What about SPNEGO? What if some mechs are proxiable, while some are not? Maybe all-or-nothing?
Simo
Could proxy, send actual secret in export to app.
Greg
Inband renegotiation complications [ ... probably borrowing trouble as doing this tunneled over wrap tokens depends on application properties ] Could start simple: proxy everything. Then work on options to export back to the app.
Tom
Proxy at mechglue layer, or at individual mechs? [ mechglue ]
Simo
How to transport stuff through IPC [ encoding etc. ]

We talk about TIRPC and complications thereof; best currently BSD-licensed version is probably from Linux NFS project.

libverto

libev is probably the best back end to bundle.

Simo
Embed whatever version you need.
Greg
libverto expects to dynamically load.
Simo
Rename stuff if needed. Try to embed.

It turns out libev has a number of support things that might make embedding it easier anyway.