k[dc]destroy; Was: Apps acquiring tickets
Sam Hartman
hartmans at MIT.EDU
Wed Jun 4 01:43:11 EDT 2003
>>>>> "Buck" == Buck Huppmann <buckh at pobox.com> writes:
Buck> On Wed, May 07, 2003 at 12:47:25PM -0400, Sam Hartman wrote:
>> >>>>> "Greg" == Greg Wettstein <greg at wind.enjellic.com> writes:
>>
Greg> Of course that begs the security question of why time
Greg> limited credentials are even implemented.
>> So that you have a single point at which to hotlist
>> credentials.
Buck> this raises a question in my mind, which may be something i
Buck> should be able to figure out as an aspiring Competent
Buck> Kerberos User but which i can't: why isn't there (aside from
Buck> the obvious pain of implementation) a TGS-REQ to destroy
Buck> tickets (something like a regular TGS req, but with maybe
Buck> the TGT being replaced by the ticket you want ``destroyed''
Buck> [unless it *is* the TGT] and the authenticator generated
Buck> using the session key from the ticket)? then the KDC would
Buck> refuse to issue tickets based on a ``destroyed'' TGT or to
Buck> renew ``destroyed'' tickets. (i.e., they'd be hotlisted.)
Buck> and maybe any other tickets that were issued on the basis
Buck> (TGT or renewal[1]) of any such ``destroyed'' tickets
I believe that features like this are needed and simply have not been
implemented.
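A toy model of the hotlist behaviour Buck sketches above, added here as an illustration and not code from MIT Kerberos or from anyone on the thread: the KDC records "destroyed" tickets, refuses TGS issuance and renewal for them, and also refuses anything issued or renewed on the basis of a destroyed ticket. Ticket identity, the session-key check standing in for the authenticator, and the principal and service names are all constructed simplifications.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ticket:
    # Simplified identity: a real ticket carries far more fields (constructed model).
    client: str
    service: str
    authtime: int
    session_key: str
    issued_from: Optional["Ticket"] = None  # TGT or ticket this one was issued/renewed from


class KDC:
    """Hypothetical KDC keeping a hotlist of destroyed tickets (not MIT Kerberos code)."""

    def __init__(self):
        self.hotlist = set()
        self.clock = 0

    def _new(self, client, service, parent=None):
        self.clock += 1
        return Ticket(client, service, self.clock, secrets.token_hex(8), parent)

    def _destroyed(self, t):
        # Walk the issuance chain back to the initial TGT: a ticket is dead if it
        # or any ticket it was derived from has been hotlisted.
        while t is not None:
            if t in self.hotlist:
                return True
            t = t.issued_from
        return False

    def as_req(self, client):
        return self._new(client, "krbtgt")

    def tgs_req(self, tgt, service):
        if tgt.service != "krbtgt" or self._destroyed(tgt):
            return None  # refused: TGT (or an ancestor) was destroyed
        return self._new(tgt.client, service, parent=tgt)

    def renew(self, ticket):
        if self._destroyed(ticket):
            return None  # refused: ticket (or an ancestor) was destroyed
        return self._new(ticket.client, ticket.service, parent=ticket)

    def destroy_req(self, ticket, session_key):
        # Stand-in for Buck's authenticator built with the ticket's own session key.
        if not secrets.compare_digest(session_key, ticket.session_key):
            return False  # caller cannot prove possession of the ticket
        self.hotlist.add(ticket)
        return True
```

The chain walk is what turns a single "destroy" into revocation of everything derived from that ticket, which is the part Buck marks as "maybe"; a production design would also need the hotlist replicated to every KDC before it is effective.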