[3937] in Kerberos


Re: KRB5 problems

daemon@ATHENA.MIT.EDU (Dave McGuire)
Tue Sep 27 16:45:08 1994

Date: Tue, 27 Sep 1994 16:18:37 -0400
From: Dave McGuire <mcguire@rocinante.digex.net>
To: ramus@nersc.gov (Joe Ramus)
Cc: kerberos@MIT.EDU
In-Reply-To: Re: KRB5 problems (Joe Ramus)

On September 27, you wrote:
> I hate the idea of storing the ticket cache in /tmp because it seems
> too easy for someone else to be able to "steal" my file.   It seems
> better to at least create a directory with a name such as:
>   /tmp/krb5cc_my_uid
> 
> This directory would be owned by the user and would have owner access
> only.

  This used to bother me a lot, until I gave it further thought... My
CC file is mode 600, owned by me.  Now, in an ideal world, someone
would have to break root on the system in question to get at that
file, other than seeing that it exists.  I figure I've got MUCH bigger
problems if someone's got root on the machine... :)

  Any thoughts on this?

                           Regards,
                            -Dave McGuire
                             Operations
                             Digital Express Group, Incorporated
                             mcguire@digex.net
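
The properties this thread relies on (a cache file owned by the user, mode 600, in a directory where others cannot swap it out) can be checked directly. The following is an added example, not part of the original message or of Kerberos itself; the function names, the sample file name and the findings wording are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_ccache(path, uid=None):
    """Return a list of findings for a credential cache file; empty list means OK."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted in a shared dir
    except FileNotFoundError:
        return ["cache file does not exist"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink, directory or device)"]

    findings = []
    if st.st_uid != uid:
        findings.append(f"owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & 0o077:
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"mode {mode:04o} grants group/other access")
    if st.st_nlink != 1:
        findings.append(f"{st.st_nlink} hard links point at the cache")

    # A directory others can write to must be sticky (like /tmp), otherwise
    # another user could rename or replace the cache file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & 0o022 and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is writable by others and not sticky")
    return findings


def demo():
    """Constructed sample: a private directory holding a mode-600 cache file."""
    d = tempfile.mkdtemp(prefix="krb5cc_demo_")  # created with mode 0700
    cc = os.path.join(d, "krb5cc_sample")        # constructed name
    os.close(os.open(cc, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600))
    results = {"mode 600": audit_ccache(cc)}
    os.chmod(cc, 0o644)
    results["mode 644"] = audit_ccache(cc)
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "OK")
```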
