
Re: selinux policy for heimdal and krb5cc cache



Harald Barth wrote:

>>But how does this solve my Linux problem?
>>    
>>
>No, not right away.
>  
>
>>Is there any work being done on a memory credential cache for Linux?
>>    
>>
>Maybe by someone else.
>
>You may have to weigh the pain to use file cache against the pain
>to implement memory cache.
>  
>
>>Why is it implemented differently?
>>    
>>
>In the beginning there was the FILE.
>
>Harald.
>  
>
Thank you for the information.
But shouldn't a SELinux-protected file be as safe as a SELinux-protected
program or kernel memory, because SELinux is a kernel module? As long as
the policy is right and the hard disk itself is safe.
And now there is only a file cache with heimdal. And to protect it
properly in a SELinux environment I should place it in a different
location.
So what the real question is, what part of the heimdal source can I
adapt to realize a credential cache in the user's home dir? And is there
any chance this will be part of the next heimdal release until there is a
proper in-memory credential cache?

Mivz