[14457] in Kerberos
Re: Where to hide credentials?
daemon@ATHENA.MIT.EDU (Booker C. Bense)
Wed May 16 11:04:15 2001
Date: Wed, 16 May 2001 07:58:00 -0700 (PDT)
From: "Booker C. Bense" <bbense@networking.stanford.edu>
To: Eric Knudstrup <eric@knudstrup.org>
cc: "Willis, Ian (Ento, Canberra)" <Ian.Willis@ento.csiro.au>,
<kerberos@mit.edu>
In-Reply-To: <989999240.3b02308839106@knudstrup.org>
Message-ID: <Pine.GSO.4.33.0105160754380.25901-100000@shred.stanford.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 16 May 2001, Eric Knudstrup wrote:
> I am assuming that you are talking about the cache file?
> Could you create a ramdisk and drop your creds in there?
> No [network|local] disk access, no problem.
>
> Eric
>
> Quoting "Willis, Ian (Ento, Canberra)" <Ian.Willis@ento.csiro.au>:
>
> > Hi
> > I would like to use the network boot functionality of PXE compliant
> > network
> > card to boot linux over the network and mount a network file system and
> > not
> > use a local disk at all. I would also like to install kerberos. I don't
> > want
> > the credential to go over the wire in any form that is readable by
> > others.
> > My question is what would be the best way to save the credentials.
> > Any thoughts?
- There is also some support in the code for using shared memory for
credentials, but this might have a file system as backing store.
Probably using a ram disk is your best solution.
- If you are using a network drive as your swap space, there is some
risk that the credentials can be seen regardless of what you do.
- Booker C. Bense
