Linux kernel key retention - Kerberos

This is a discussion on Linux kernel key retention - Kerberos ; Hi list! I've been googling around a bit on this subject, not being able to find anything weighty. Are there current plans on implementing a ccache utilizing the key retention feature of the Linux kernel? Such a thing would really ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Linux kernel key retention

  1. Linux kernel key retention

    Hi list!

    I've been googling around a bit on this subject, not being able to find
    anything weighty. Are there current plans on implementing a ccache
    utilizing the key retention feature of the Linux kernel? Such a thing
    would really help, particularly for NFS with Kerberos RPCSEC.

    If there is such work going on, can anyone give a pointer to any
    information on it? If not, I should give it a try myself.

    Fredrik Tolf


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Linux kernel key retention

    Fredrik,
    I'm working on this in conjunction with Linux nfs-utils changes. As
    it turns out, actually storing the ccache in the kernel keyring is not
    *the* answer for NFS. It is helpful when process- or thread-level
    credentials are needed for NFS access.

    The essential thing the keyring will hold is a pointer to *the*
    credentials to be used when creating the gss context. The actual
    creds, for Kerberos, may live in a FILE: or KEYRING: credentials
    cache. I'm working now on library routines to set/get the credentials
    to be used. The keyring ccache code is basically complete, with a few
    details to work out.

    Contact me off-list (or on the linux-nfs list) for more details.

    K.C.

    On 5/1/06, Fredrik Tolf wrote:
    > Hi list!
    >
    > I've been googling around a bit on this subject, not being able to find
    > anything weighty. Are there current plans on implementing a ccache
    > utilizing the key retention feature of the Linux kernel? Such a thing
    > would really help, particularly for NFS with Kerberos RPCSEC.
    >
    > If there is such work going on, can anyone give a pointer to any
    > information on it? If not, I should give it a try myself.
    >
    > Fredrik Tolf
    >
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: Linux kernel key retention

    On Mon, 2006-05-01 at 21:52 -0400, Kevin Coffman wrote:
    > The essential thing the keyring will hold is a pointer to *the*
    > credentials to be used when creating the gss context. The actual
    > creds, for Kerberos, may live in a FILE: or KEYRING: credentials
    > cache. I'm working now on library routines to set/get the credentials
    > to be used. The keyring ccache code is basically complete, with a few
    > details to work out.


    If there aren't any great problems, would you mind sending me the code?
    I would be more than happy to betatest it, at the very least.

    Fredrik Tolf


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread