[7502] in Kerberos
Re: Limiting Kerberos Logins
daemon@ATHENA.MIT.EDU (Jim Miller)
Tue Jun 18 21:42:39 1996
From: jim@bilbo.suite.com (Jim Miller)
Date: Tue, 18 Jun 96 20:19:58 -0500
To: rossirj@SLUVCA.SLU.EDU
Cc: kerberos@MIT.EDU
Reply-To: Jim_Miller@bilbo.suite.com
The problem with trying to limit Kerberos logins is that the KDC has no
way to determine when the user has logged out. A user "logs out" of
Kerberos when his ticket granting ticket expires or when he deletes his
credentials cache file.
You may be tempted to write a krb5_logout utility that sends a secure
"logout" message to the KDC indicating the user has logged out and then
deletes the cc file. This would work, but that would be bad for two
reasons. First, it would require that the KDC write state info into the
KDC database for every AS request and for every "logout" message,
something it does not currently do and is not recommended. And second,
that would prevent users from quickly logging back into Kerberos if they
simply deleted their credentials cache file. They would not be able to
log back in until they called the krb5_logout utility, but the krb5_logout
utility wouldn't be able to send a secure "logout" message to the KDC
because the cc file containing the ticket for the KDC service is gone.
Not an easy problem to solve given the Kerberos model.
Jim_Miller@suite.com
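The lockout the message describes can be made concrete with a small model. The following is an added example, not code from the original post and not Kerberos code: it is a toy KDC that keeps exactly the per-principal login state the message argues a real KDC does not keep, a TGT with an expiry, and a hypothetical krb5_logout that must be authenticated with the session key held in the credentials cache. All names (ToyKDC, as_request, kinit, kdestroy, krb5_logout) and the 600-second lifetime are assumptions made for the model.

```python
"""Toy model of why a login limit enforced at the KDC is awkward.

Constructed example. A principal may hold at most `max_logins` live TGTs.
The only "logout" the KDC can observe on its own is TGT expiry; a
hypothetical krb5_logout message is accepted only if it carries a MAC
under the TGT session key, so a client that has already deleted its
credentials cache cannot send one. Names and lifetimes are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

TGT_LIFETIME = 600  # seconds; assumed value for the model


@dataclass
class TGT:
    principal: str
    expires_at: int
    session_key: bytes


def logout_mac(session_key: bytes) -> bytes:
    """Authenticator for the hypothetical logout message."""
    return hmac.new(session_key, b"logout", hashlib.sha256).digest()


class ToyKDC:
    """KDC that records active logins per principal (state a real KDC lacks)."""

    def __init__(self, max_logins: int = 1):
        self.max_logins = max_logins
        self.active: dict[str, list[TGT]] = {}

    def as_request(self, principal: str, now: int):
        # Drop expired TGTs first: expiry is the only logout the KDC sees by itself.
        live = [t for t in self.active.get(principal, []) if t.expires_at > now]
        self.active[principal] = live
        if len(live) >= self.max_logins:
            return None  # login limit reached
        tgt = TGT(principal, now + TGT_LIFETIME, secrets.token_bytes(16))
        live.append(tgt)
        return tgt

    def logout(self, principal: str, mac: bytes) -> bool:
        """Accept a logout only if it is authenticated by a live TGT's session key."""
        for t in self.active.get(principal, []):
            if hmac.compare_digest(logout_mac(t.session_key), mac):
                self.active[principal].remove(t)
                return True
        return False


class Client:
    def __init__(self):
        self.ccache = None  # stands in for the credentials cache file

    def kinit(self, kdc: ToyKDC, principal: str, now: int) -> bool:
        tgt = kdc.as_request(principal, now)
        if tgt is None:
            return False
        self.ccache = tgt
        return True

    def kdestroy(self):
        """Delete the cc file without telling the KDC."""
        self.ccache = None

    def krb5_logout(self, kdc: ToyKDC) -> bool:
        """Hypothetical secure logout: impossible once the cc file is gone."""
        if self.ccache is None:
            return False
        ok = kdc.logout(self.ccache.principal, logout_mac(self.ccache.session_key))
        self.ccache = None
        return ok


def scenario() -> dict:
    """Walk through the failure mode and the only two ways out of it."""
    kdc = ToyKDC(max_logins=1)
    c = Client()
    t0 = 1000
    r = {}
    r["first_login"] = c.kinit(kdc, "jim", t0)
    c.kdestroy()  # user just deletes the cc file
    r["relogin_after_kdestroy"] = c.kinit(kdc, "jim", t0 + 1)   # blocked
    r["logout_without_ccache"] = c.krb5_logout(kdc)              # cannot authenticate
    r["relogin_after_expiry"] = c.kinit(kdc, "jim", t0 + TGT_LIFETIME + 1)
    r["proper_logout"] = c.krb5_logout(kdc)                      # works with ccache
    r["relogin_after_logout"] = c.kinit(kdc, "jim", t0 + TGT_LIFETIME + 2)
    return r


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Running the scenario shows the point of the message: after a plain kdestroy the user is refused a new TGT until the old one expires, because the logout message can no longer be authenticated, whereas a logout sent while the cache still exists frees the slot immediately.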