
Re: special principals handling




On Feb 1, 2008, at 11:00 , Guillaume Rousse wrote:

> But using a single privileged entity for a group of people requires
> sharing secrets (aka root password), which is also a bad idea, and doesn't

How is every admin having his/her own $user/admin principal not  
traceable?
How is every admin having his/her own $user/admin principal a shared  
password?

Additionally, ideally you want a different principal for each *kind*  
of administrative action.  I have different principals for:
- root
- kerberos admin
- afs admin
- cyrus admin

The big advantage here, aside from limiting the amount of damage a  
mistake can cause:  should it be necessary to revoke a privilege, it  
can be done with minimal disruption to the user and to other admins.

Now, an argument can be made that this leads to multiple e.g. root  
passwords (thus, a larger attack surface).  Whether this is a  
significant issue depends on your threat model.

(Also:  giving all privileges to the default principal is like sudo?   
Huh?  It's like logging in as root / Administrator.)

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH