Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!shelby!is.Morgan.COM!dchen
From: dchen@is.Morgan.COM (Dave Chen)
Newsgroups: comp.protocols.kerberos
Subject: srvtab on client machines
Message-ID: <9102271612.AA09887@9887>
Date: 27 Feb 91 16:12:30 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 21

Hi,

I work for Jo Goodson at Morgan Stanley & Co. I would like to know what methods you have for securing the key in the /etc/srvtab on the client machines.

Our premise is that all client machines, which are maintained and controlled by their owners instead of our UNIX system administrators, are not securable. It is very easy for any knowledgeable UNIX user to gain root access if the owner does not maintain tight security on his workstation. Once a user becomes root, he can get access to the /etc/srvtab file and use it to get a ticket-granting ticket from Kerberos via ksrvtgt.

What security measures do you have for preventing this possible breach?

Security Administration
Dave Chen