[15512] in Athena Bugs
Re: "David Woodruff, MIT Lab for Nuclear Science": leash 1.3
daemon@ATHENA.MIT.EDU (Paul B. Hill)
Wed Sep 17 21:50:29 1997
Date: Wed, 17 Sep 1997 21:50:31 -0400
To: DSW@mitlns.mit.edu
From: "Paul B. Hill" <pbh@MIT.EDU>
Cc: bugs@MIT.EDU, dosdev@MIT.EDU
In-Reply-To: <199709172040.QAA08877@megara.MIT.EDU>
>...my tickets had not been destroyed when I logged off ...
This is indeed the current behavior because the tickets are stored on the
disk under NT and Kerberos is not integrated into the NT logon process at
this time.
The easiest solution is to add kdestroy to the startup folder of each user
on the NT system. Of course the problem will reoccur if a user removes
kdestroy from the startup folder. You can also force the execution of
kdestroy during logon for all users through some registry editing. I do not
recommend this. This method should only be used if you accept the risk of
manually editing the registry.
If your NT machine is going to be used by more than one user you can still
secure your tickets from access by other users. Please read the following
carefully:
Previous versions of MIT's Windows Kerberos required a small memory
resident (TSR) program, kerbmem.exe, be run prior to starting Windows. This
set aside a small chunk of memory in DOS in which to store Kerberos
tickets. Kerbmem.exe is now optional for Windows 3.x and Windows 95 users,
and as an alternative, Windows Kerberos can store tickets in a file on disk.
At this time Windows NT users must store their tickets on the disk. We hope
to change this in the near future.
There is some controversy over storing Kerberos tickets on disk for
microcomputer operating systems like Windows, OS/2, and Macintosh. If
storing Kerberos tickets on disk gives you the heebie-jeebies, go with
kerbmem.exe. If running yet another DOS TSR gives you the heebie-jeebies,
go with tickets on disk.
If you are an NT user concerned about security use the NTFS file system and
store the tickets in a directory that is writeable and readable by you but
no one else. This directory should not be shareable. Nor should it be on a
remote machine.
If kerbmem.exe is not loaded, Windows Kerberos will store tickets in a file
on disk. You can specify the name of the ticket file and the directory in
which it is stored via the environment variable KRBTKFILE. For example, to
store your tickets in a file called tkt-joe.krb in the directory
c:\users\joe-user\, use the following statement:
set KRBTKFILE= c:\users\joe-user\tkt-joe.krb
If the environment variable KRBTKFILE is not used, the default value
%TEMP%\ticket.krb will be used. That is, tickets will be stored in the file
ticket.krb in %TEMP%. If you do not have an environment variable named TEMP
the environment variables TMP and HOME will also be checked and used if
present. As a last resort the hard coded path c:\tmp\ticket.ktb will be
used. Whichever method is used you'll have to make sure the directory
exists, or Windows Kerberos will report an error.
Of course, to be really sure, when you logoff run kdestroy from a command
line or use the "Destroy Tickets" button in Leash. Unfortunately, Microsoft
does not provide a shutdown folder at this time to automate that task.
>------- Forwarded Message
>
>Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po8.MIT.EDU (5.61/4.7) id AA01200; Thu, 11 Sep 97 11:12:42 EDT
>Received: from IRENE.MIT.EDU by MIT.EDU with SMTP
> id AA19809; Thu, 11 Sep 97 11:12:39 EDT
>Date: Thu, 11 Sep 1997 11:12:06 -0400
>From: "David Woodruff, MIT Lab for Nuclear Science" <DSW@mitlns.mit.edu>
>To: bugs@MIT.EDU
>Cc: DSW@mitlns.mit.edu
>Message-Id: <970911111206.2640853a@mitlns.mit.edu>
>Subject: leash 1.3 on WNT-- tickets not destroyed
>
>Hi,
>
>We have installed leash and hostexplorer on Windows NT 4.0 (Service Pack 3),
>and we found an unexpected behavior ('bug').
>
>I logged on, got my kerberos tgt and a few others logging into other machines.
>Then I logged off, and my friend logged on. After he logged on we found that
>my tickets had not been destroyed when I logged off, and they were available
>for his use. As a consequence when he used hostexplorer to connect to
>irene.mit.edu, a VMS machine in our lab that runs MULTINET kerberos client,
>he was immediately connected into MY account without being asked for username
>and password.
>
>So each of us using the WindowsNT machine must learn to actively destroy
>our tickets before logging out. This is basically unacceptable, since we
>may not always remember to do this. And what happens when we have to explain
>it to the lab secretaries?...
>
> Thanks for any help,
>
> David S. Woodruff
> VMS systems and applications
> MIT Lab for Nuclear Science
>
>------- End of Forwarded Message