[883] in Release_7.7_team
why we should document forwardable tickets
daemon@ATHENA.MIT.EDU (Mike Barker)
Thu Mar 6 10:27:04 1997
To: release-team@MIT.EDU
Date: Thu, 06 Mar 1997 10:27:01 EST
From: Mike Barker <mbarker@MIT.EDU>
I think I remembered why we said this might need special documenting.
The issue is that with forwardable, proxiable tickets (the new K5
flavor), the opportunity created by leaving your workstation logged in
is greater. E.g., suppose that you step away from your workstation
"for just a couple of minutes." A "ticket grabber" could sit down,
run a handy-dandy ticket forwarder, and then leave. When you come
back, there may be no evidence that your tickets have been
compromised, and that from another workstation, the "ticket forger" is
busily using your tickets (YOUR IDENTITY!)
mike