[21] in pc-kerberos
Re: Kerberos on PC/TCP
daemon@ATHENA.MIT.EDU (Paul B. Hill )
Fri Jun 3 14:08:13 1994
To: pc-kerberos@MIT.EDU
Date: Fri, 3 Jun 94 14:02:46
From: pbh@MIT.EDU (Paul B. Hill )
>We chose a different approach when doing the DOS port because we knew
>that the tickets would be used on machines in public computing clusters.
>Having no real way to ensure a /tmp-style clearing of the ticket file,
>we went with the KERBMEM scheme of creating a block of memory and
>storing the address of this memory in a environment variable. The idea
>is that we can at least expect the user to reboot when they leave....
I've been thinking of moving away from the KERBMEM model so that we can
support OS/2 and NT easier. It seems like most of the security of KERBMEM
can be achieved by using a small RAM disk and a standard ticket file. Some
vendors/users may prefer to bypass the use of a RAM disk and just use a
standard disk.
By putting the ticket file in a hidden directory but in a normal file
within the hidden directory you get a small measure of additional security.
The file will not be found using most FileFind type utilities. Nothing
unusual will be reported by chkdsk since it reports hidden files but not
hidden directories.
KERBMEM remains slightly more secure than a ticket file for operating
systems (I use the term loosely) which do not support file access or
directory access control.
I haven't given enough thought to backwards compatibility with KERBMEM yet.
>I suggest that if we are going to have "one interoperable" standard
>for environment variable names for the ticket file location, then we
>should use the name KRBTKFILE, since that's what Unix Kerberos
>currently uses. Try it...
>
> John Gilmore
>
I think our standard environment variable name has been chosen. KRBTKFILE
it is. :)
