k[dc]destroy; Was: Apps aquiring tickets

Sam Hartman hartmans at MIT.EDU
Wed Jun 4 01:43:11 EDT 2003

>>>>> "Buck" == Buck Huppmann <buckh at pobox.com> writes:

    Buck> On Wed, May 07, 2003 at 12:47:25PM -0400, Sam Hartman wrote:
    >> >>>>> "Greg" == Greg Wettstein <greg at wind.enjellic.com> writes:
    Greg> Of course that begs the security question of why time
    Greg> limited credentials are even implemented.
    >>  So that you have a single point at which to hotlist
    >> credentials.

    Buck> this raises a question in my mind, which may be something i
    Buck> should be able to figure out as an aspiring Competent
    Buck> Kerberos User but which i can't: why isn't there (aside from
    Buck> the obvious pain of im- plementation) a TGS-REQ to destroy
    Buck> tickets (something like a reg- ular TGS req, but with maybe
    Buck> the TGT being replaced by the ticket you want ``destroyed''
    Buck> [unless it *is* the TGT] and the authentica- tor generated
    Buck> using the session key from the ticket)? then the KDC would
    Buck> refuse to issue tickets based on a ``destroyed'' TGT or to
    Buck> renew ``destroyed'' tickets. (i.e., they'd be hotlisted.)
    Buck> and may- be any other tickets that were issued on the basis
    Buck> (TGT or renew- al[1]) of any such ``destroyed'' tickets

I believe that features like this are needed and simply have not been

More information about the Kerberos mailing list