Re: [PATCHES] Solaris ident authentication using unix domain sockets

From Florian G. Pflug
Subject Re: [PATCHES] Solaris ident authentication using unix domain sockets
Date
Msg-id 4873BC28.3070507@phlo.org
In reply to Re: [PATCHES] Solaris ident authentication using unix domain sockets  (Josh Berkus <josh@agliodbs.com>)
Replies Re: [PATCHES] Solaris ident authentication using unix domain sockets  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Josh Berkus wrote:
> Tom,
>
>> Indeed.  If the Solaris folk feel that getpeerucred() is insecure,
>> they had better explain why their kernel is that broken.  This is
>> entirely unrelated to the known shortcomings of the "ident" IP
>> protocol.
>
> The Solaris security & kernel folks do, actually.  However, there's
> no question that TRUST is inherently insecure, and that's what people
> are going to use if they can't get IDENT to work.

I'd be *very* interested in how they come to that assessment. I'd have
thought that the only alternative to getpeereid/getpeerucred is
password-based or certificate-based authentication - which seem *less*
secure because a) they also rely on the client having the correct uid
or gid (to read the password/private key), plus b) the risk of the
password/private key getting into the wrong hands.

How is that sort of authentication handled by services shipping with Solaris?

regards, Florian Pflug, hoping to be enlightened beyond his limited
posix-ish view of the world...

