[3289] in Kerberos


Re: What is Kerberized NFS?

daemon@ATHENA.MIT.EDU (Charles L. Athey III)
Tue May 17 19:17:04 1994

Date: Tue, 17 May 94 15:58:56 PDT
From: athey@lorien.ocf.llnl.gov (Charles L. Athey III)
To: kerberos@MIT.EDU

>Paul Lustgraaf wrote:

>>Nick Eggleston <nick@ucunix.san.uc.edu> wrote:
>
>>What does Kerberized NFS give me? Does it make users id themselves
>>before accessing files? Does it prevent root from becoming another
>>user and accessing his files? Thanks,
>
>Users need to present valid Kerberos tickets to the NFS server at
>MOUNT time (only).  In most cases root can still pretend to be a
>user by picking up the ticket from the /tmp directory (or wherever).
>Various ways around this have been proposed, but I don't know that
>anything has ever been agreed on.

This is all correct unless you are running Solaris 2.3.  Sun's Solaris 2.3
has a kerberized NFS which checks for valid tickets on each NFS request, not
just at mount time.  Thus, if a user does not have any tickets on a
particular system, root cannot pretend to be that user even if the file
system can be mounted.  Unfortunately, if the user has a TGT lying around,
either because they are logged in or forgot to do a kdestroy when they logged
out, then root can use the existing TGT and access that user's files.

Chuck Athey
athey@llnl.gov
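
An added example, not part of the original message: a small audit for the leftover-TGT case described above, listing ticket cache files whose owner has no login session so they can be destroyed. It assumes the caches live in /tmp under the default names tkt<uid> and krb5cc_<uid>, and that who(1) reflects current sessions; the function names are hypothetical.

```python
import os
import pwd
import re
import stat
import subprocess
import tempfile

# Assumed default cache names: Kerberos 4 "tkt<uid>", Kerberos 5 "krb5cc_<uid>".
CACHE_RE = re.compile(r"^(tkt|krb5cc_)\d+")


def logged_in_uids():
    """UIDs with a login session, taken from the output of who(1)."""
    out = subprocess.run(["who"], capture_output=True, text=True, check=True).stdout
    uids = set()
    for line in out.splitlines():
        if not line.split():
            continue
        try:
            uids.add(pwd.getpwnam(line.split()[0]).pw_uid)
        except KeyError:
            pass  # session name with no passwd entry
    return uids


def orphaned_caches(cache_dir, active_uids):
    """Return sorted (path, owner_uid) for caches whose owner has no session."""
    found = []
    for name in os.listdir(cache_dir):
        path = os.path.join(cache_dir, name)
        try:
            st = os.lstat(path)  # lstat: never follow a symlink placed in /tmp
        except FileNotFoundError:
            continue  # removed between listdir and lstat
        if CACHE_RE.match(name) and stat.S_ISREG(st.st_mode) and st.st_uid not in active_uids:
            found.append((path, st.st_uid))
    return sorted(found)


def demo():
    """Constructed sample: two leftover caches and one unrelated file."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("krb5cc_1234", "tkt5678", "notes.txt"):
            open(os.path.join(d, name), "w").close()
        no_session = [os.path.basename(p) for p, _ in orphaned_caches(d, set())]
        return no_session, orphaned_caches(d, {os.getuid()})


if __name__ == "__main__":
    for path, uid in orphaned_caches("/tmp", logged_in_uids()):
        print(f"ticket cache {path} (uid {uid}) has no login session; run kdestroy or remove it")
```

Run from cron or a logout hook, this only narrows the window: a cache belonging to a user who is still logged in remains readable by root.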
