Date: Fri, 24 Dec 2010 20:26:44 +0600 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-questions@freebsd.org Subject: Re: rc.d and environment variables Message-ID: <20101224142644.GA30333@admin.sibptus.tomsk.ru> In-Reply-To: <4D147821.3020706@herveybayaustralia.com.au> References: <20101223201249.ea7648aa.freebsd@edvax.de> <20101223191443.GA24653@gizmo.acns.msu.edu> <20101224031352.GB16472@admin.sibptus.tomsk.ru> <20101224042542.3e21a6df.freebsd@edvax.de> <20101224035041.GF16472@admin.sibptus.tomsk.ru> <4D14233F.4070107@herveybayaustralia.com.au> <20101224080354.GA21712@admin.sibptus.tomsk.ru> <4D14555B.3000909@herveybayaustralia.com.au> <20101224093724.GC23384@admin.sibptus.tomsk.ru> <4D147821.3020706@herveybayaustralia.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Da Rock wrote: [dd] > >I really don't know what the security implications will be if > >/etc/krb5.keytab is readable by anyone besides the root user? Do you > >have a clue about it? There are other services' keys stored there > >besides svn (host/*, cvs/* etc). > > > > > At the risk of getting laughed off stage, and pulling in yet another > service, what about ldap? I believe there is supposed to be a way to > store keytabs in ldap, which theoretically would mean only the > particular services would be able to access their keytabs. No matter where we store the keytabs, if it is not the default location (/etc/krb5.keytab for FreeBSD), we face the same problem of telling the server application about the alternative location of the keytab. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101224142644.GA30333>