Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!schizo.samsung.com!hinman
From: hinman@schizo.samsung.com (David Hinman)
Newsgroups: comp.protocols.kerberos
Subject: Questions about vulnerability of ticket cache file
Message-ID: <14132@samsung.samsung.com>
Date: 4 Jun 90 16:30:27 GMT
Sender: hinman@samsung.COM
Reply-To: hinman@schizo.samsung.com (David Hinman)
Organization: Samsung Software America, Inc.
Lines: 21

Hello,

It seems to me that if my workstation allows more than one login,
someone with the root password can read my ticket cache file and
hence impersonate me.

1) Is this a problem in practice, or have I misunderstood something?

2) If it is a problem, will the next release of Kerberos be providing
   some facility to deal with it?

3) It seems like one solution would be a new device driver, providing
   ticket cache files that are readable only by the owner and not by
   root. Is this a reasonable approach?

Thanks,

Dave Hinman
Samsung Software America    (508) 685-7200 ext. 124
One Corporate Drive         hinman@samsung.com
Andover, MA 01810           uunet!schizo.samsung.com!hinman