On 16.2.2014 13:22, Simo Sorce wrote:
On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote:
Hello,

I have got an silly idea to use TPM (Trusted Platform Module) as backend for
Keytab storage (via GSS-Proxy).

GSS-Proxy prevents application from accessing key material, right? So
GSS-Proxy could theoretically store keys in TPM and application wouldn't
notice any difference, right?

We have libraries for that in Fedora already:
https://admin.fedoraproject.org/pkgdb/acls/name/trousers


Even sillier idea is to use TPM as a PKCS#11 module:
http://trousers.sourceforge.net/pkcs11.html

I have no idea what the use case could be ... :-) May be as a "cache" for
PKCS#11 module in SSSD?


As I said, it is just a silly idea.


Open a ticket in the GSS-Proxy trac :)

Is it a good topic for bachelor/master thesis? We are going to send list of topics for next year so we have a chance to add it.

We are not going to touch this any time soon so it sounds like a good idea to 
me.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to