kinit issue

prashant sodhiya prashant_sodhiya at rediffmail.com
Tue Aug 30 09:55:32 EDT 2005


Hi,
  In MIT kerberos  a "kinit" creates  a credential file in /tmp, which is a world-writable directory.

$ ls  -l  /
	drwxrwxrwt   9 bin      bin            3584 Aug 30 15:07 tmp

I feel it can lead to Denial of Service attack if some other user can create a credential file as that of a valid kerberos user.
Is it  true in MIT kerberos?.How it handled in MIT Kerberos?
Pls give some insights into it.

thnx n regards
Prashant


More information about the Kerberos mailing list