storing tickets in memory
Ken Raeburn
raeburn at MIT.EDU
Thu Jun 10 13:18:04 EDT 2004
On Jun 10, 2004, at 09:11, Adam Denenberg wrote:
> ok thanks for the info. I did some reading and was basically thinking
> of implementing kerberos here on our unix systems but read about some
> security concerns about ticket credentials being stored in /tmp.
> Meaning anyone with root can become another user and steal his/her
> credentials. How do people deal with this security issue?
By realizing that unless your OS significantly curtails the access
granted to root, the root user can look at users' shared memory
segments and local process memory, or run processes as the target user,
or modify system software to do things the users don't intend; so
basically, the game is over once the bad guy gets root access.
Ken
More information about the Kerberos
mailing list