[3944] in Kerberos


Re: KRB5 problems

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Wed Sep 28 12:06:33 1994

To: kerberos@MIT.EDU
Date: 28 Sep 1994 15:38:51 GMT
From: marc@cam.ov.com (Marc Horowitz)

>> I hate the idea of storing the ticket cache in /tmp because it seems
>> too easy for someone else to be able to "steal" my file.   It seems
>> better to at least create a directory with a name such as:
>>   /tmp/krb5cc_my_uid
>> 
>> This directory would be owned by the user and would have owner access
>> only.

Could you explain how your files are any more vulnerable in a mode 600
file than they are inside a mode 700 directory?  Root can get your
tickets in any case.  Nobody else can touch them, unless your
filesystem is pretty horribly broken.

If you do want to be paranoid, there's nothing preventing you from
doing exactly what you describe.  Create the directory yourself, and
set $KRB5CCNAME accordingly.

		Marc
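
The setup suggested in the message above, as an added example that is not part of the original post: a shell function that creates the per-user directory with owner-only access and points $KRB5CCNAME at a cache file inside it, refusing a pre-existing path that is a symlink or is owned by another user. The function name private_ccache, the optional base-directory argument and the cache file name "tkt" are assumptions made for illustration.

```shell
# Added example (hypothetical helper, not from the original message).
# Usage: private_ccache && kinit
private_ccache() {
    base=${1:-/tmp}                  # assumed default, matching the thread
    dir="$base/krb5cc_$(id -u)"      # directory name from the quoted proposal

    # mkdir without -p fails if the name already exists, so a path that
    # someone else created first is never silently adopted.
    if ! mkdir -m 700 "$dir" 2>/dev/null; then
        # Already there: accept only a real directory (not a symlink)
        # owned by the current effective uid.
        if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
            echo "refusing $dir: not a directory owned by uid $(id -u)" >&2
            return 1
        fi
    fi

    # Enforce owner-only access even if the directory was left looser earlier.
    chmod 700 "$dir" || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)
    if [ "$perms" != "drwx------" ]; then
        echo "unexpected mode on $dir: $perms" >&2
        return 1
    fi

    # "tkt" is an assumed file name; FILE: selects a file-based cache.
    KRB5CCNAME="FILE:$dir/tkt"
    export KRB5CCNAME
}
```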
