[32811] in Kerberos
override default credentials cache file location
daemon@ATHENA.MIT.EDU (Zaar Hai)
Thu Oct 14 06:27:09 2010
MIME-Version: 1.0
From: Zaar Hai <haizaar@gmail.com>
Date: Thu, 14 Oct 2010 12:26:38 +0200
Message-ID: <AANLkTik44GKtwJBwysv8ONSeLdPQ-b+=SOO7U8qCHdmb@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Good day, dear all!
I'm using MIT kerberos version 1.6 on Debian Lenny amd64. I would like
to override default location of credentials cache file. Here is the
reasoning and may be someone would have a better solution:
Credentials cache are stored in /tmp by default. /tmp is mounted on
real disk and that's not going to change. The problem is that if, for
example, I run kinit in the evening and go home, then someone who
breaks to office at night, can reboot my computer from CD and access
my credentials cache gaining the access to all of the network services
I'm eligible to access.
I've thought of making default cache location to be
/var/cars/krb5ccache which will be mounted to RAM, making above
scenario much harder to execute.
Thanks.
--
Zaar
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
