[1200] in testers
Re: xlogin ticket destruction
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Wed Nov 28 02:12:14 1990
Date: Wed, 28 Nov 90 02:11:51 -0500
To: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
Cc: testers@MIT.EDU, mar@MIT.EDU
In-Reply-To: Jonathan I. Kamens's message of Wed, 28 Nov 90 01:16:15 -0500,
From: Richard Basch <probe@MIT.EDU>
Date: Wed, 28 Nov 90 01:16:15 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
Sender: jik@pit-manager.MIT.EDU
Xlogin should only attempt to destroy kerberos tickets upon logout if
it created kerberos tickets automatically upon login.
For example, when I log in as root, xlogin shouldn't be trying to
destroy tickets when I log out. But it is, or at least so it would
appear from the "No tickets to destroy" message that is displayed
right after I type "logout".
jik
I would disagree... From a security point of view, I think it should
destroy anything in the KRBTKFILE that login would normally set. The
user could have easily forgotten about acquired tickets. In fact, our
other login programs (ie. /bin/login) also destroy tickets, regardless
of whether it obtained them initially (and actually, I sometimes forget
to type kdestroy, and thank the fact that login deals for me).
-Richard
