Saturday, February 23 • 9:50am - 10:35am
Simo Sorce - GSSAPI Privilege separation with GSS-Proxy

Sign up or log in to save this to your schedule and see who's attending!

GSS-Proxy is a new feature developed in collaboration with the Mit Kerberos Project.
It allows to use an new type of plugin called interposer to offload context establishment to a more privileged process without changeing the GSS API.
This allows to use, for example, kerberos credentials in a process without giving direct access to keytabs or credential caches containing the user TGT.
This talk will explain how this is achieved, and what are the applications, advantages and limitations of the current implementation.
Using the GSS-Proxy protocol as a kernel upcall mechanism to handle GSS auth will also be discussed.

avatar for Simo Sorce

Simo Sorce

Sr. Principal Software Engineer, Red Hat
Simo Sorce is a Sr principal software Engineer at Red Hat working in the Identity Management space with long history of involvement in Free Software projects. He joined the Samba Team in 2001 and has since founded or co-founded other projectes in the Identity Management space including... Read More →

Saturday February 23, 2013 9:50am - 10:35am
#Lecture room D1

Attendees (0)