Ticket addresses w.r.t. forwarded tickets.
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Dec 8 13:54:20 EST 2005
On Tuesday, December 06, 2005 10:02:00 AM -0500 Derek Atkins
<warlord at mit.edu> wrote:
> In delegated credentials I may want to delegate a credential that
> may only be used on a particular host.. Otherwise the processes
> on the destination may decide to copy my credential and use it
> elsewhere, which could be a security hole.
But having addresses in tickets doesn't fix that, because in many cases
there is nothing preventing the "elsewhere" from stealing your IP address.
Further, that's not the direction Richard was asking about. He wants to be
able to make the forwarded ticket be addressless even when the original is
not.
-- Jeff
More information about the krbdev
mailing list