Preventing an attacker to steal credential and to compromise a whole kerberized network?

Tom Yu tlyu at MIT.EDU
Tue Oct 11 17:17:31 EDT 2011


Simo Sorce <simo at redhat.com> writes:

> That said I just remembered that by default keyring quotas are quite
> small compared to the size a credential cache can reach, so it may not
> be really a solution if you need to store many tickets (or if your
> tickets are very big).

It is possible to mitigate this somewhat by storing only the session
key in the keyring.  (Some krb4 shared-memory ticket caches worked
this way.)


