Path: utzoo!utgpu!watserv1!watmath!att!linac!uwm.edu!bionet!agate!stanford.edu!APOLLO.COM!pato
From: pato@APOLLO.COM (Joe Pato)
Newsgroups: comp.protocols.kerberos
Subject: Re: Storing tickets safely
Message-ID: <9103041712.AA24246@ATHENA.MIT.EDU>
Date: 4 Mar 91 17:11:15 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 25


    	
    >Whether or not tickets are stored in the Kernel or in a file is not a
    >function of Kerberos, but of the system platforms that run Kerberos....
    >However [...] it should not be hard to implement a ticket cache
    >abstraction that uses it.
    	
    I was hoping that the next release of Kerberos would in fact have some
    form of ticket caching that didn't depend on the file system.  Perhaps
    some sort of shepherd process so that Kernel mods wouldn't have to be made.
    Without this, I still think the ticket is just a glorified password.  I will
    admit I am being the gadfly here, but this is the one part of Kerberos that 
    I haven't completely bought off on.

The OSF DCE security component (which uses Kerberos V5) includes a kernel
ticket cache.  The kernel ticket cache is installed with the AFS client file
system component of the DCE - a component that already requires kernel
modifications.

                    -- Joe Pato
                       Cooperative Computing Division
                       Hewlett-Packard Company
                       pato@apollo.hp.com

-------