Henry B. Hotz wrote: > Also while setgroups() may not be sufficiently protected to > really satisfy the model, it's at least harder than setenv.
I'm now confused. What are you trying to protect against? Kerberos uses environment variables as one method of pointing an application at a specific credential cache. It doesn't have to be a FILE credential cache. It could be an API cache as on Windows or MacOS X, or an LSA cache on Windows, or a KEYRING cache on Linux, or one of any of the other credential cache types. Implementing a PAG credential cache is not necessarily going to eliminate the use of environment variables as a method of pointing the application at the PAG credential cache. Jeffrey Altman P.S. - I find it very interesting that this thread is now including OpenAFS when it still is not including MIT's Kerberos Developer's in the discussion.
smime.p7s
Description: S/MIME Cryptographic Signature
