[3176] in Kerberos
Re: passing AFS tokens
daemon@ATHENA.MIT.EDU (Derrick J. Brashear)
Tue Apr 26 00:31:53 1994
To: kerberos@MIT.EDU
Date: Mon, 25 Apr 1994 09:41:39 -0400
From: "Derrick J. Brashear" <db74+@andrew.cmu.edu>
Excerpts from netnews.comp.protocols.kerberos: 24-Apr-94 passing AFS
tokens by John Gardiner Myers@CMU.
> I've always found the IP address checks to be the most annoying facets
> of Kerberos. It's not as if they really buy you anything in the way
> of security.
Incidentally, removing the IP number check of Kerberos tickets in K4 is
trivial; It's like a one-line modification in libkrb.a, as I recall. I
tried it while I was still playing with K4, but as I recall I re-enabled
the IP check to prevent something along the lines of someone stealing
and copying tickets to another machine. Not that it matters, I use K5
now.
-D
