Re: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

2013-08-09 Thread Nico Williams
On Thu, Aug 8, 2013 at 9:46 AM, David Howells wrote:
> Nico Williams wrote:
>
>> b) how to create tmpfs locations in which to store credentials (which
>> can be unbounded in size, so storing them in the kernel is silly;
>
> Ummm... tmpfs stores them in the kernel too - though it can page them ou

Re: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

2013-08-08 Thread David Howells
Nico Williams wrote:
> b) how to create tmpfs locations in which to store credentials (which
> can be unbounded in size, so storing them in the kernel is silly;

Ummm... tmpfs stores them in the kernel too - though it can page them out to swap. I have altered my big-key implementation to just s

Re: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

2013-08-02 Thread Nico Williams
On Fri, Aug 2, 2013 at 3:49 PM, Nico Williams wrote:
> Solving (b) in a way that does not add a new ccache type (though
> having a KEYRING: ccache type that means "find the ccache URI in my
> keyring" is fine) is important because many of us run multiple
> implementations of Kerberos on any given

Re: [PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

2013-08-02 Thread Nico Williams
I think this is the wrong design. There are two problems you're trying to solve: a) how rpc.gssd finds credentials for processes on behalf of which it's acting b) how to create tmpfs locations in which to store credentials (which can be unbounded in size, so storing them in the kernel is silly;

[PATCH 1/2] KEYS: Implement a big key type that can save to tmpfs

2013-08-01 Thread David Howells
Implement a big key type that can save its contents to tmpfs and thus swapspace when memory is tight. This is useful for Kerberos ticket caches.

Signed-off-by: David Howells
---
include/keys/big_key-type.h | 27 ++
include/linux/key.h |1
security/keys/Kconfig | 11 +