At 09:59 AM 4/23/98 +0200, Rainer Toebbicke wrote:
>
[stuff deleted]
>
>However, James Dodd (one of my technical students whom some of you might
>have come across already in info-dce) recently came up with an as far as I
>can see brilliant idea:
>
>when the batch job starts, the batch system instructs a 'secure server' to
>set up a (randomly named) DCE 'alias' for the user which lives only for the
>duration of the job. The batch job is told the password for the alias, runs
>dce_login with that password which grants it all the DFS-rights of the
>original user. It can spawn a little keep-alive process which renews the
>credentials every now and then. When the job finishes the alias is
>destroyed.
>
Things to watch out for:
1) Make sure that no random user can make a request to the 'secure server'
to create an alias account. This type of situation is what authorized
delegation was designed to solve.
2) The communication between the batch system and the 'secure server' needs
to be privacy encrypted -- otherwise the password is compromised, since I
presume that the batch system tells the secure server what password to use
for the alias account because it needs that knowledge to pass along to the
batch job for login.
Other than that -- nice hack!
-Jonathan
>James has tested the principle which seems to work and is now implementing
>it. Remains to be seen where security suffers in this system - it'll be a
>'practical' decision in the end.
>
>Comments on the feasibility of this approach are welcome!
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Rainer Toebbicke http://wwwcn1.cern.ch/~rtb -or- [EMAIL PROTECTED] O__
>European Laboratory for Particle Physics(CERN) - Geneva, Switzerland > |
>Phone: +41 22 767 8985 Fax: +41 22 767 7155 ( )\( )
>
>
>
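
An added sketch of the scheme discussed in this thread, not code from either poster or from DCE: a Python model of the 'secure server' that refuses alias requests from anyone but a registered requester and bounds each alias to its job. The class and function names, the HMAC standing in for DCE authenticated RPC, and the choice to let the server generate the password are all assumptions; the model does not perform a login.

```python
import hashlib
import hmac
import secrets

def sign(key, user, job_id):
    # HMAC stands in for DCE authenticated RPC (assumption of this sketch).
    return hmac.new(key, f"create|{user}|{job_id}".encode(), hashlib.sha256).digest()

class AliasBroker:
    """Model of the 'secure server' that issues per-job aliases."""

    def __init__(self, requester_keys, max_ttl=3600):
        self.requester_keys = requester_keys  # principal -> key (constructed)
        self.max_ttl = max_ttl                # hard cap on alias lifetime, seconds
        self.aliases = {}                     # alias -> (user, job_id, expiry)

    def create_alias(self, principal, user, job_id, tag, now):
        # Point 1: only a registered requester (the batch system) may ask.
        key = self.requester_keys.get(principal)
        if key is None or not hmac.compare_digest(sign(key, user, job_id), tag):
            raise PermissionError("requester may not create aliases")
        alias = "job-" + secrets.token_hex(8)   # randomly named alias
        password = secrets.token_urlsafe(24)
        self.aliases[alias] = (user, job_id, now + self.max_ttl)
        # Point 2: this return value must cross a privacy-protected channel.
        return alias, password

    def resolve(self, alias, now):
        # Map an alias back to the real user; expired aliases are purged.
        entry = self.aliases.get(alias)
        if entry is None or entry[2] <= now:
            self.aliases.pop(alias, None)
            return None
        return entry[0]

    def destroy_for_job(self, job_id):
        # Called when the job finishes: remove every alias tied to it.
        dead = [a for a, e in self.aliases.items() if e[1] == job_id]
        for a in dead:
            del self.aliases[a]
        return len(dead)
```

The `max_ttl` cap covers the case where the batch system dies before it can call `destroy_for_job`, so a leaked alias password stops working on its own.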