Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kernel Key Management. Red Hat: Kernel Key Management Kernel Key Management Overview Designed to hold keys ready for fast use by kernel services ● Mainly.

Published byBaldwin Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "Kernel Key Management. Red Hat: Kernel Key Management Kernel Key Management Overview Designed to hold keys ready for fast use by kernel services ● Mainly."— Presentation transcript:

1 Kernel Key Management

2 Red Hat: Kernel Key Management Kernel Key Management Overview Designed to hold keys ready for fast use by kernel services ● Mainly filesystems Keys can hold authentication, authorisation or other security data Permits keys to be grouped together using keyrings Provides access controls on keys Provides standard upcall method to get keys that aren't yet available

3 Red Hat: Kernel Key Management Keys Keys have a number of attributes: ● Type ● Description ● Owner UID/GID ● Permissions (DAC) ● Security (MAC) ● Expiry ● State (revocation, instantiation) Keys also have a payload that is the actual security data

4 Red Hat: Kernel Key Management Keyrings Keyrings are keys that contain a set of links to other keys Each thread subscribes to five standard keyrings: ● Per-thread ● Per-process ● Session ● User default session ● User Only the first three are automatically searched The fourth is searched if the third doesn't exist The fifth is normally searched through a link from the session keyring The session keyring will be created by PAM on login in FC6/RHEL5

5 Red Hat: Kernel Key Management Keyutils Userspace utilities, libraries RPMs found in RHEL4, FE5, FE6, RHEL5 RPMs, tarball found on: ● http://people.redhat.com/~dhowells/keys/ http://people.redhat.com/~dhowells/keys/

6 Red Hat: Kernel Key Management What is it being used or considered for? eCryptFS NFSv4 AFS/OpenAFS CIFS Kerberos TGT and Tickets SSH agent-type stuff

7 Red Hat: Kernel Key Management Example: CIFS Keys could be used to store: ● Local UID Windows user UUID mapping ● Login credentials ● Username ● Domain ● Password ● SMB session ID

8 Red Hat: Kernel Key Management So... What else are people using it for? What can be done to improve it? What extra facilities could be added?

Download ppt "Kernel Key Management. Red Hat: Kernel Key Management Kernel Key Management Overview Designed to hold keys ready for fast use by kernel services ● Mainly."

Similar presentations

Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Access and Overview. Login procedures and requirements. Creating and updating tickets. Understanding special ticket states. Adding an attachment to an.

Access and Overview. Login procedures and requirements. Creating and updating tickets. Understanding special ticket states. Adding an attachment to an.
Overview of User Set-up & Security. Administrator Functions Before adding new Users, we first need to define some User Security Settings To do this navigate.

Overview of User Set-up & Security. Administrator Functions Before adding new Users, we first need to define some User Security Settings To do this navigate.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
Radius based ssh authentication Location of Radius server – radius-server host 192.168.1.2 auth-port 1812 acct-port 1813 key WinRadius – The same config.

Radius based ssh authentication Location of Radius server – radius-server host auth-port 1812 acct-port 1813 key WinRadius – The same config.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.

Using Kerberos the fundamentals. Computer/Network Security needs: Authentication Who is requesting access Authorization What user is allowed to do Auditing.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.

Challenges Running an NFSv4- backed OSG Cluster Kevin Coffman Center for Information Technology Integration University of Michigan.
Linux Security.

Linux Security.
Securing Access in a Heterogeneous Network Environment Providing Interoperability between Microsoft Windows 2000 and Heterogeneous Networks Securing Authentication.

Securing Access in a Heterogeneous Network Environment Providing Interoperability between Microsoft Windows 2000 and Heterogeneous Networks Securing Authentication.
HCare access on an iPad hCare access is the remote access to PGH. The steps for installing vary from the Mac somewhat. This will guide you. Installation.

HCare access on an iPad hCare access is the remote access to PGH. The steps for installing vary from the Mac somewhat. This will guide you. Installation.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.

03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Working from home/off-campus - Electronic Resources Off campus access and authentication routes 2009/2010.

Working from home/off-campus - Electronic Resources Off campus access and authentication routes 2009/2010.
Lecture – Single Login NIS and Winbind. NIS Network Information Service (NIS) is the traditional directory service on UNIX platforms Still widely used.

Lecture – Single Login NIS and Winbind. NIS Network Information Service (NIS) is the traditional directory service on UNIX platforms Still widely used.
KX509: Leveraging Kerberos to Obtain Digital Certificates for Web Client Authentication University of Michigan Kevin Coffman Bill Doster.

KX509: Leveraging Kerberos to Obtain Digital Certificates for Web Client Authentication University of Michigan Kevin Coffman Bill Doster.
Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.

Extending Active Directory Authentication and Account Management To Solaris 10 Systems A HOWTO guide for joining a Solaris 10 (8/07) host to a domain in.

Similar presentations

Ads by Google