[1276] in Kerberos


Storing tickets safely

daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Mon Mar 4 06:55:18 1991

From: qjb@ATHENA.MIT.EDU
Date: Mon, 4 Mar 91 02:10:09 -0500
To: hilary@snll-arpagw.llnl.gov (Hilary Jones)
Cc: kerberos@ATHENA.MIT.EDU


Kerberos version V does indeed have support for arbitrary ticket
caching mechanisms.  The terminology has been changed to
"credentials cache" since this is really what the ticket file
is.  Kerberos V supports arbitrary interface to this cache.
There is a structure of functions (sort of like the way X
toolkit works).  You need to implement certain routines
according to specification, and then the library will take care
of the rest.  (I'm glossing over the details, of course.)  If
you wanted to write a kernel interface for credentials caching,
you could do so without having to otherwise modify any part of
the kerberos code.  There is a similar mechanism for srvtabs so
that, for example, you could have servers' keys stored in the
kernel.  If necessary, you could get this by requiring that an
operator be present to type passwords at boot time.

Even in Kerberos there is some support for something better than
the filesystem.  Shared memory ticket files are implemented and
should work on some systems that support shared memory.  I know
that this code works under Ultrix.  I know that we have gotten
the code to work on a PS/2 running AIX, but I doubt that we sent
any patches to the kerberos list if patches were necessary.
This still doesn't stop someone from stealing your credentials,
but it makes the job considerably more difficult and provides a
bit of added safety for clients with diskless workstations
(though probably not as much as would be desired.)

I should give the disclaimer that my knowledge of Kerberos V is
based largely on design discussions that took place last summer.

                                Jay Berkenbilt
                                Project Athena
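The "structure of functions" the post describes, as an added example (not code from the original post or from MIT Kerberos): a hypothetical credentials-cache operations table with a memory-only backend, where the library side stores and retrieves tickets through the table alone. The names `cc_ops_t`, `mem_cc_ops`, `cc_store_ticket` and `cc_roundtrip_demo` are assumptions for illustration; the real krb5 interface differs.

```c
/* Added example (not code from the original post or from MIT Kerberos): a minimal
 * credentials-cache operations table in the style the post describes. Library code
 * calls only through cc_ops_t, so a file, shared-memory or kernel backend can be
 * added without touching it. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>
#define MAX_CREDS 8
typedef struct { char service[32]; char ticket[64]; } cred_t;
typedef struct cc_ops {              /* interface every cache backend must implement */
    const char *prefix;              /* backend name, e.g. "MEMORY" */
    int (*init)(void *handle);
    int (*store)(void *handle, const cred_t *c);
    int (*retrieve)(void *handle, const char *service, cred_t *out);
    int (*destroy)(void *handle);
} cc_ops_t;
/* One backend: credentials kept in process memory, never written to disk. */
typedef struct { cred_t creds[MAX_CREDS]; int n; } mem_cache_t;
static int mem_init(void *h) { ((mem_cache_t *)h)->n = 0; return 0; }
static int mem_store(void *h, const cred_t *c) {
    mem_cache_t *m = h;
    if (m->n >= MAX_CREDS) return -1;   /* full: refuse rather than overwrite */
    m->creds[m->n++] = *c;
    return 0;
}
static int mem_retrieve(void *h, const char *service, cred_t *out) {
    mem_cache_t *m = h;
    for (int i = 0; i < m->n; i++)
        if (strcmp(m->creds[i].service, service) == 0) { *out = m->creds[i]; return 0; }
    return -1;
}
/* Wipe on destroy so stale tickets do not linger in memory. */
static int mem_destroy(void *h) { memset(h, 0, sizeof(mem_cache_t)); return 0; }
const cc_ops_t mem_cc_ops = { "MEMORY", mem_init, mem_store, mem_retrieve, mem_destroy };
/* Library side: stores a ticket through whatever backend it is handed. */
int cc_store_ticket(const cc_ops_t *ops, void *h, const char *svc, const char *tkt) {
    cred_t c = {{0}};
    snprintf(c.service, sizeof c.service, "%s", svc);
    snprintf(c.ticket, sizeof c.ticket, "%s", tkt);
    return ops->store(h, &c);
}
/* Round trip through the memory backend; returns 0 when every step behaves. */
int cc_roundtrip_demo(void) {
    mem_cache_t m; cred_t got;
    if (mem_cc_ops.init(&m) != 0) return 1;
    if (cc_store_ticket(&mem_cc_ops, &m, "host/ws.example", "TKT-constructed") != 0) return 2;
    if (mem_cc_ops.retrieve(&m, "host/ws.example", &got) != 0) return 3;
    if (strcmp(got.ticket, "TKT-constructed") != 0) return 4;
    if (mem_cc_ops.retrieve(&m, "krbtgt/none", &got) == 0) return 5;  /* miss must fail */
    return mem_cc_ops.destroy(&m);
}
```

A second backend (file, shared memory, or a kernel interface as the post suggests) would supply its own `cc_ops_t` and `cc_store_ticket` would work with it unchanged.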
