Back To Schedule
Saturday, February 23 • 9:50am - 10:35am
Simo Sorce - GSSAPI Privilege separation with GSS-Proxy

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

GSS-Proxy is a new feature developed in collaboration with the Mit Kerberos Project.
It allows to use an new type of plugin called interposer to offload context establishment to a more privileged process without changeing the GSS API.
This allows to use, for example, kerberos credentials in a process without giving direct access to keytabs or credential caches containing the user TGT.
This talk will explain how this is achieved, and what are the applications, advantages and limitations of the current implementation.
Using the GSS-Proxy protocol as a kernel upcall mechanism to handle GSS auth will also be discussed.

avatar for Simo Sorce

Simo Sorce

Senior Principal Software Engineer, Red Hat
I work in the RHEL Crypto Team, I like Security related topics.

Saturday February 23, 2013 9:50am - 10:35am CET
#Lecture room D1

Attendees (0)