#43 Apache-readable keytab is a security risk

open
nobody
5
2014-08-18
2008-10-11
No

Since the Krb5Keytab must be readable by the Apache process, it is difficult or impossible to prevent it from being served to the web if there are untrusted user accounts on the system (e.g. shared hosting).

To fix this, the keytab needs to be read as root before Apache drops privileges, like how mod_ssl reads the SSL private key.
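The approach the ticket proposes, as an added example (not code from mod_auth_kerb or mod_ssl): read the keytab into memory while the process is still privileged, then drop to the server account so the file itself never has to be readable by it. The function names, the owner/mode check and the plain byte buffer are assumptions of this example; passing the loaded key material to the Kerberos library is not shown.

```c
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1, still privileged: read the whole keytab into memory.
 * Rejects anything that is not a regular file owned by the caller with no
 * group/other permission bits, so a keytab the web server account could
 * read is treated as a configuration error. Returns its size, or -1. */
ssize_t load_keytab(const char *path, unsigned char **out)
{
    struct stat st;
    unsigned char *buf = NULL;
    ssize_t got = 0, n = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_size <= 0 ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        goto fail;
    if ((buf = malloc((size_t)st.st_size)) == NULL)
        goto fail;
    while (got < st.st_size &&
           (n = read(fd, buf + got, (size_t)(st.st_size - got))) > 0)
        got += n;
    if (got != st.st_size)
        goto fail;
    close(fd);            /* no descriptor survives into worker processes */
    *out = buf;
    return got;
fail:
    free(buf);
    close(fd);
    return -1;
}

/* Step 2: permanently become the unprivileged server account.
 * Order matters: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* must not regain root */
}
```

Called in that order from a root-started parent, the keytab can stay mode 0600 and root-owned on disk while the unprivileged workers only ever see the copy in memory.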
