rc.d and environment variables

Victor Sudakov vas at mpeks.tomsk.su
Fri Dec 24 14:26:48 UTC 2010

Da Rock wrote:


> >I really don't know what the security implications will be if
> >/etc/krb5.keytab is readable by anyone besides the root user? Do you
> >have a clue about it? There are other services' keys stored there
> >besides svn (host/*, cvs/* etc).
> >
> >   
> At the risk of getting laughed off stage, and pulling in yet another 
> service, what about ldap? I believe there is supposed to be a way to 
> store keytabs in ldap, which theoretically would mean only the 
> particular services would be able to access their keytabs.

No matter where we store the keytabs, if it is not the default
location (/etc/krb5.keytab for FreeBSD), we face the same problem of
telling the server application about the alternative location of the keytab.

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

More information about the freebsd-questions mailing list