[1277] in Kerberos


Re: Storing tickets safely

daemon@ATHENA.MIT.EDU (John T Kohl)
Mon Mar 4 10:11:13 1991

Date: Mon, 4 Mar 91 09:36:55 EST
From: John T Kohl <jtkohl@MIT.EDU>
To: hilary@SNLL-ARPAGW.LLNL.GOV (Hilary Jones)
Cc: kerberos@MIT.EDU
In-Reply-To: hilary@SNLL-ARPAGW.LLNL.GOV's message of 4 Mar 91 00:22:28 GMT

>I was hoping that the next release of Kerberos would in fact have some
>form of ticket caching that didn't depend on the file system.

If you are willing to code up such a beast when/after the beta-test is
ready, we would probably be willing to include it in our distribution.
We already have a commitment from elsewhere to do a shared-memory
credentials cache implementation, but if you were interested in a
different model, we would welcome help with it.

>Admittedly my
>users shouldn't ask for long-lived passwords, and I should enforce that.
>But then one of the biggest advantages of Kerberos goes away for my users.
>Namely, they won't be able to run batch jobs that may take many days to
>run before needing a password.

This is exactly the case that renewable tickets were intended for.  The
idea is that you get a ticket with both a "local" and a "global"
expiration time.  Before the "local" time arrives, you send the ticket
to the KDC for revalidation, and it sends back a replacement with
an adjusted "local" expiration time.

If you discover a ticket theft, you can instruct the KDC to refuse to
replace that ticket when a renewal is requested.

John
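The two-expiration-time scheme described above, modelled as an added example that is not part of the original message or of the MIT Kerberos code: a ticket carries a "local" end time and a "global" renew-till time, a renewal requested before the local end time yields a replacement whose local end time moves forward but never past the global limit, and a ticket reported stolen is refused further replacements. The class names, the 8-hour ticket lifetime, the 7-day renewable lifetime, the serial-number revocation list and the sample batch job are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ticket:
    client: str
    endtime: int      # "local" expiry: the ticket stops working here
    renew_till: int   # "global" expiry: no renewal may push endtime past this
    serial: int       # identifies the original grant; kept across renewals so
                      # that revoking it also refuses renewals of any replacement


class RenewalRefused(Exception):
    pass


class KDC:
    """Hypothetical KDC model (assumed lifetimes: 8-hour ticket, 7-day renewable)."""

    def __init__(self, ticket_lifetime=8 * 3600, max_renewable=7 * 86400):
        self.ticket_lifetime = ticket_lifetime
        self.max_renewable = max_renewable
        self._next_serial = 1
        self._revoked = set()   # serials the KDC has been told not to replace

    def _issue(self, client, now, renew_till, serial):
        # Local expiry is the shorter of "one lifetime from now" and the global limit.
        return Ticket(client, min(now + self.ticket_lifetime, renew_till), renew_till, serial)

    def initial(self, client, now):
        """Initial ticket (obtained with a password): renewable for max_renewable."""
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        return self._issue(client, now, now + self.max_renewable, serial)

    def renew(self, t, now):
        """Replace a still-valid ticket with one whose local expiry is pushed forward."""
        if now >= t.renew_till:
            raise RenewalRefused("renewable lifetime exhausted; re-authenticate with a password")
        if now >= t.endtime:
            raise RenewalRefused("ticket already expired; re-authenticate with a password")
        if t.serial in self._revoked:
            raise RenewalRefused("ticket reported stolen; KDC refuses to replace it")
        return self._issue(t.client, now, t.renew_till, t.serial)

    def revoke(self, t):
        """Operator reaction to a reported theft: refuse to renew this ticket chain."""
        self._revoked.add(t.serial)


def run_batch_job(kdc, client, start, duration, step=3600):
    """Long-running job that renews its ticket within one step of local expiry.

    Returns (number_of_renewals, last_ticket); raises RenewalRefused if the KDC
    declines, which happens once the global renew-till limit is reached."""
    t = kdc.initial(client, start)
    renewals = 0
    now = start
    while now < start + duration:
        now += step
        if t.endtime - now <= step:
            t = kdc.renew(t, now)
            renewals += 1
    return renewals, t
```

A two-day job renews six times with these assumed lifetimes and never touches a password; an eight-day job is refused at the seven-day renew-till mark, which is the point at which the user must authenticate again. Because the replacement keeps the original serial, revoking the ticket a user reports stolen also shuts out any replacement the thief has already obtained.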
