Ticket addresses w.r.t. forwarded tickets.

Jeffrey Hutzelman jhutz at cmu.edu
Thu Dec 8 13:54:20 EST 2005

On Tuesday, December 06, 2005 10:02:00 AM -0500 Derek Atkins 
<warlord at mit.edu> wrote:

> In delegated credentials I may want to delegate a credential that
> may only be used on a particular host..   Otherwise the processes
> on the destination may decide to copy my credential and use it
> elsewhere, which could be a security hole.

But having addresses in tickets doesn't fix that, because in many cases 
there is nothing preventing the "elsewhere" from stealing your IP address.

Further, that's not the direction Richard was asking about.  He wants to be 
able to make the forwarded ticket be addressless even when the original is 

-- Jeff

More information about the krbdev mailing list