[887] in Release_7.7_team
Re: why we should document forwardable tickets
daemon@ATHENA.MIT.EDU (Craig Fields)
Thu Mar 6 15:49:30 1997
Date: Thu, 6 Mar 1997 20:49:26 GMT
From: Craig Fields <cfields@MIT.EDU>
To: ghudson@MIT.EDU
Cc: mbarker@MIT.EDU, release-team@MIT.EDU
> I think you overestimate how much skill is required to get AFS tokens
> with a copied set of Kerberos tickets:
There is the knowledge required that it is so simple as well - one
might not expect something so trivial to work. (Not exactly related,
but: Can we fix the aklog protocol?)
Nevertheless, AFS is not the only service in town. The threat of
exploitation against other services is still much greater with the
forwardable K5 tickets.
Craig
