Re: [kitten] Permissible (and imp..) side-effects of GSS_Acquire_cred()
Nico Williams <nico@cryptonector.com> Thu, 19 March 2015 16:28 UTC
Date: Thu, 19 Mar 2015 11:28:49 -0500
From: Nico Williams <nico@cryptonector.com>
To: Simo Sorce <simo@redhat.com>
Message-ID: <20150319162847.GG8099@localhost>
References: <20150311001817.GC7286@localhost> <1426771934.2981.127.camel@willson.usersys.redhat.com> <20150319151718.GD8099@localhost> <1426778409.2981.129.camel@willson.usersys.redhat.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/0ZMGJkCdO6iA_V555ogUY3HFlNo>
Cc: kitten@ietf.org
On Thu, Mar 19, 2015 at 11:20:09AM -0400, Simo Sorce wrote:
> I guess it may be surprising in some cases, and expected in others,
> unfortunately.
> If you set the KRB5_CLIENT_KTNAME variable in recent MIT releases you
> expect a default ccache to be created with whatever is in the keytab for
> example. But you'd be surprised otherwise.

Since it's both, sometimes surprising and sometimes expected, you get to
pick what to end up with. Perhaps one behavior will cause more customer
calls than the other. But I think there are compromises that get you (a)
without breaking anyone. Again:

 - have a shadow default ccache for the case of acquiring a credential
   from a keytab when there is no default ccache

 - use the DIR ccache (does it have the option of not setting a default
   ccache in the collection?)

 - don't cache tickets when the default ccache does not exist

 - if there are keys for only one principal in the keytab, then set the
   default principal, else don't (and use one of the above fixes)

And you could always add yet another environment variable, and/or
krb5.conf parameter.

To me it seems clear that GSS applications that do simple things like
GSS_Init/Accept_sec_context() with the GSS_C_NO_CREDENTIAL, or which call
GSS_Acquire/Add_cred(), do not cause other processes in the system to
"break". Actually, this should be true for all GSS apps that do not call
GSS_Store_cred() (whose entire purpose is to have side-effects).

Even if you change nothing, I'm inclined to say that (a) is preferred and
note that (b) is what one sometimes gets, therefore one must read the
implementation's docs. I'd like to see this fixed (see above).

Nico
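As an added example (not code from this thread, nor from MIT krb5), a POSIX shell wrapper that applies the isolation idea from the operator's side: run a keytab-using GSS application under a private DIR: ccache collection, then check that the host's default ccache file was neither created nor modified by it. The service name and keytab path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: isolate a keytab-using GSS
# application in its own credential cache so that MIT krb5's KRB5_CLIENT_KTNAME
# behaviour (populating the default ccache from the keytab when no default
# exists) cannot affect other processes on the host. Paths are assumptions.

# Run "$@" with KRB5CCNAME pointing at a private DIR: ccache collection.
# KRB5CCNAME only affects this process tree; the caller's environment and
# default_ccache_name are untouched. The collection is removed afterwards.
with_private_ccache() {
    _ccdir=$(mktemp -d "${TMPDIR:-/tmp}/gss-ccache.XXXXXX") || return 1
    (
        KRB5CCNAME="DIR:$_ccdir"
        export KRB5CCNAME
        exec "$@"
    )
    _rc=$?
    rm -rf "$_ccdir"
    return $_rc
}

# Content stamp of a ccache file (POSIX cksum), or "missing" if absent, so a
# write by the wrapped command can be detected.
ccache_stamp() {
    if [ -e "$1" ]; then cksum < "$1"; else echo missing; fi
}

# check_no_side_effect DEFAULT_CCACHE_FILE CMD...: run CMD under
# with_private_ccache and return 0 only if DEFAULT_CCACHE_FILE (the host's
# shared default, e.g. /tmp/krb5cc_0 in a FILE: setup) was neither created
# nor modified. Non-zero means the application still wrote to the default,
# e.g. it bypasses KRB5CCNAME or calls GSS_Store_cred(), whose purpose is
# exactly that side-effect.
check_no_side_effect() {
    _cc=$1; shift
    _before=$(ccache_stamp "$_cc")
    with_private_ccache "$@"
    _after=$(ccache_stamp "$_cc")
    [ "$_before" = "$_after" ]
}

# Usage (assumed service and keytab path):
#   KRB5_CLIENT_KTNAME=/etc/myservice.keytab \
#     check_no_side_effect /tmp/krb5cc_0 /usr/sbin/myservice --foreground
```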