[1280] in Kerberos
Re: Storing tickets safely
daemon@ATHENA.MIT.EDU (Joe Pato)
Mon Mar 4 16:58:32 1991
From: pato@apollo.com (Joe Pato)
Date: Mon, 4 Mar 91 12:11:15 EST
To: hilary@snll-arpagw.llnl.gov (Hilary Jones)
Cc: jis@mit.edu, hilary@snll-arpagw.MIT.EDU, kerberos@ATHENA.MIT.EDU
In-Reply-To: hilary@snll-arpagw.llnl.gov (Hilary Jones), sun, 3 mar 91 22:18:32
>Whether or not tickets are stored in the Kernel or in a file is not a
>function of Kerberos, but of the system platforms that run Kerberos....
>However [...] it should not be hard to implement a ticket cache
>abstraction that uses it.

I was hoping that the next release of Kerberos would in fact have some
form of ticket caching that didn't depend on the file system. Perhaps
some sort of shepherd process so that Kernel mods wouldn't have to be made.
Without this, I still think the ticket is just a glorified password. I will
admit I am being the gadfly here, but this is the one part of Kerberos that
I haven't completely bought off on.

The OSF DCE security component (which uses Kerberos V5) includes a kernel
ticket cache. The kernel ticket cache is installed with the AFS client file
system component of the DCE - a component that already requires kernel
modifications.

-- Joe Pato
Cooperative Computing Division
Hewlett-Packard Company
pato@apollo.hp.com
-------