learn linux and unix commands - unix shell scripting

Presenting risk

 
Thread Tools Search this Thread
# 1  
Old 03-16-2009
Presenting risk

We talk about risk, risk assessment, risk analysis, and risk management.  A lot.  But people are remarkably bad at really understanding risks.

This web page and animation on understanding uncertainty was created to address medical risks.  However, it points out a number of ways that we can either misrepresent, or misunderstand, risk in general.

Image
Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Presenting current LUNs to new OS. RHEL 7, LVM

All, We have a physical server (Lenovo 3950) that we need to upgrade the OS from RHEL 6 to RHEL 7. We do not want to do an in-place upgrade but rather start with a fresh OS install. The plan is to remove the two local drives (Raid 1) and install two new drives for the fresh RHEL 7 install. ... (4 Replies)
Discussion started by: hburnswell
4 Replies

2. UNIX for Beginners Questions & Answers

Presenting data in column format

I have written a script that that takes file names and breaks them apart. File names are : aal_mock.war.deployed AuroralMockService-1.0.war.deployed consumerProfile.war.deployed EbillMock.war.deployed IAMAOGServices.war.deployed IAMPermission.war.deployed... (5 Replies)
Discussion started by: Junaid Subhani
5 Replies

3. Shell Programming and Scripting

Presenting the user a menu in Bash ...

Hello, I am trying to write a bash script function to present the user a menu of options. The following is what I have so far: function MainMenu { while ] do echo "--------------------------------------------------------------------------------" echo... (4 Replies)
Discussion started by: ckoeber
4 Replies
Login or Register to Ask a Question
krb5envvar(5)						Standards, Environments, and Macros					     krb5envvar(5)

NAME
krb5envvar - Kerberos environment variables DESCRIPTION
The Kerberos mechanism provides a number of environment variables to configure different behavior in order to meet applications' needs. Environment variables used within the Kerberos mechanism are: KRB5_KTNAME Used by the mechanism to specify the location of the key table file. The variable can be set to the following value: [[<kt type>:]<file name>] where <kt type> can be FILE or WRFILE. FILE is for read operations; WRFILE is for write operations. <file name> is the location of the keytab file. If KRB5_KTNAME is not defined, the default value is: FILE:/etc/krb5/krb5.keytab The keytab file is used to store credentials persistently and is used commonly for service daemons. Specifying the FILE type assumes that the subsequent operations on the associated file are readable by the invoking process. Care must be taken to ensure that the file is readable only by the set of principals that need to retrieve their unencrypted keys. The WRFILE type is used by the kadmin(1M) command. Specifying this type allows the administrator to designate an alternate keytab file to write to without using extra command line arguments for file location. KRB5CCNAME Used by the mechanism to specify the location of the credential cache. The variable can be set to the following value: [[<cc type>:]<file name>] where <cc type> can be FILE or MEMORY. <file name> is the location of the principal's credential cache. If KRB5CCNAME is not defined, the default value is: FILE:/tmp/krb5cc_<uid> where <uid> is the user id of the process that created the cache file. The credential cache file is used to store tickets that have been granted to the principal. Specifying the FILE types assumes that subsequent operations on the associated file are readable and writable by the invoking process. Care must be taken to ensure that the file is accessible only by the set of principals that need to access their credentials. If the credential file is in a directory to which other users have write access, you will need to set that directory's sticky bit (see chmod(1)). The MEMORY credential cache type is used only in special cases, such as when making a temporary cache for the life of the invoking process. KRB5RCNAME Used by the mechanism to specify the type and location of the replay cache. The variable can be set to the following value: [[<rc type>:]<file name>] where <rc type> can be either FILE or MEMORY. <file name> is relevant only when specifying the replay cache file type. If not defined, the default value is: FILE:/var/krb5/rcache/root/rc_<service> ...if the process is owned by root, or: FILE:/var/krb5/rcache/rc_<service> ...if the process is owned by a user other than root. <service> is the service process name associated with the replay cache file. The replay cache is used by Kerberos to detect the replay of authentication data. This prevents people who capture authentication mes- sages on the network from authenticating to the server by resending these messages. When specifying the FILE replay cache type, care must be taken to prevent the replay cache file from being deleted by another user. Make sure that every directory in the replay cache path is either writable only by the owner of the replay cache or that the sticky bit ("t") is set on every directory in the replay cache path to which others have write permission. When specifying the MEMORY replay cache type you need to weigh the trade-off of performance against the slight security risk created by using a non-persistent cache. The risk occurs during system reboots when the following condition obtains: o The duration from the last write to the replay cache before reboot to the point when the Kerberized server applications are run- ning is less than the Kerberos clockskew (see krb5.conf(4)). Under this condition, the server applications can accept a replay of Kerberos authentication data (up to the difference between the time of the last write and the clockskew). Typically, this is a small window of time. If the server applications take longer than the clockskew to start accepting connections there is no replay risk. The risk described above is the same when using FILE replay cache types when the replay cache resides on swap file systems, such as /tmp and /var/run. The performance improvement in MEMORY replay cache types over FILE types is derived from the absence of disk I/O. This is true even if the FILE replay cache is on a memory-backed file system, such as swap (/tmp and /var/run). ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWkrbu | +-----------------------------+-----------------------------+ |Interface Stability |Unstable | +-----------------------------+-----------------------------+ SEE ALSO
chmod(1), kinit(1), klist(1), kadmin(1M), kadmind(1M), krb5.conf(4), attributes(5), SEAM(5) SunOS 5.10 5 Mar 2004 krb5envvar(5)