rc.d and environment variables
Victor Sudakov
vas at mpeks.tomsk.su
Fri Dec 24 14:26:48 UTC 2010
Da Rock wrote:
[dd]
> >I really don't know what the security implications will be if
> >/etc/krb5.keytab is readable by anyone besides the root user? Do you
> >have a clue about it? There are other services' keys stored there
> >besides svn (host/*, cvs/* etc).
> >
> >
> At the risk of getting laughed off stage, and pulling in yet another
> service, what about ldap? I believe there is supposed to be a way to
> store keytabs in ldap, which theoretically would mean only the
> particular services would be able to access their keytabs.
No matter where we store the keytabs, if it is not the default
location (/etc/krb5.keytab for FreeBSD), we face the same problem of
telling the server application about the alternative location of the keytab.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-questions
mailing list