Renewable ticket ?
Austin Gonyou
austin at coremetrics.com
Wed May 8 12:13:32 EDT 2002
If you were to use POSIX ACLs though, and then SUID the xlock binary,
would that help at all?
On Wed, 2002-05-08 at 10:47, eichin-krb at thok.org wrote:
> > I agree with you, I would like to see some xlock that renews
> kerberos
> > tickets also.
>
> I've yet to see a good design for this that isn't either vulnerable to
> the zanarotti attack, or needs xlock to be setuid root. I have seen
> implementations that combined both flaws :-)
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"One ought never to turn one's back on a threatened danger and
try to run away from it. If you do that, you will double the danger.
But if you meet it promptly and without flinching, you will
reduce the danger by half."
Sir Winston Churchill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20020508/68a2242d/attachment.bin
More information about the Kerberos
mailing list