[1262] in Kerberos
srvtab on client machines
daemon@ATHENA.MIT.EDU (Dave Chen)
Wed Feb 27 18:46:57 1991
Date: Wed, 27 Feb 91 11:12:30 EST
From: dchen@is.Morgan.COM (Dave Chen)
To: athena.mit.edu!kerberos@uunet.UU.NET
Hi,
I work for Jo Goodson at Morgan Stanley & Co. I would like to know
what methods you have for securing the key in the /etc/srvtab
on the client machines. Our premise is that all client machines,
which are maintained and controlled by their owners instead of our UNIX
system administrators, are not securable. It is very easy for
any knowledgeable UNIX user to gain root access if the owner does
not maintain tight security on his workstation. Once a user
becomes root, he can get access to the /etc/srvtab file and use
it to get a ticket granting ticket from Kerberos via ksrvtgt.
What security measures do you have for preventing this possible
breach?
Security Administration
Dave Chen