[3320] in Kerberos
Re: What is Kerberized NFS?
daemon@ATHENA.MIT.EDU (Rich Salz)
Mon May 23 12:30:17 1994
To: kerberos@MIT.EDU
Date: 23 May 1994 15:54:56 GMT
From: rsalz@osf.org (Rich Salz)
In <2raujg$2vj@news.iastate.edu> grpjl@iastate.edu (Paul J Lustgraaf) writes:
>In most cases root can still pretend to be a
>user by picking up the ticket from the /tmp directory (or wherever).
>Various ways around this have been proposed, but I don't know that
>anything has ever been agreed on.
Yes, this is a well-known problem with the reference implementation of
Kerberos. It's part of the general design space that the local host
must be trusted. Athena solved this problem primarily by not having
multi-user machines.
OSF DCE DFS stores a users credential in the kernel, but this does not
protect them from anyone who can read /dev/kmem or its equivalent.
Given the common Un*x platform, this is probably an intractable problem.
/r$
