On Wed, Oct 03, 2001 at 03:16:32PM -0400, Paul B. Hill wrote:
> To clarify further, the MIT Windows implementation of the ccache is not file
> based. The ticket cache is kept in memory and is accessed via a local RPC
> mechanism. The local RPC mechanism is authenticated. Under Win2k and XP one
> user cannot normally access another user's tickets.

And to clarify further (and paraphrase): Under Unix one user cannot
normally access another user's tickets -- this is implemented using Unix
file permissions for file-type ccaches.

It would be nice if there were an agent-type ccache for Unix, much like
the ccapi one for Windows. Heck, the SSH ssh-agent could be a good place
to start, particularly in view of SSH's agent forwarding feature.

Nico


> -----Original Message-----
> From: Garrett Wollman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 03, 2001 2:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Ticket stored, accessed where?
> 
> 
> In article <[EMAIL PROTECTED]>,
> Nicolas Williams <[EMAIL PROTECTED]> wrote:
> >Windows 2000: stored by the LSA (I think)
> >Solaris: stored in "ccache"
> >MIT: stored in "ccache"
> >Heimdal: stored in "ccache"
> >CyberSafe: ?
> >
> >A "ccache" is a per-TGT file.
> 
> Not specifically.  A ``ccache'' is an instance of the generic
> credential-cache API.  There is nothing preventing one from using (for
> example) a UNIX shared-memory segment to store the credentials, rather
> than a plain file.[1]
> 
> -GAWollman
> 
> [1] Actually, there is: traditional SVID-style shared memory segments
> are persistent, and thus would eventually be completely consumed
> unless every user was absolutely scrupulous in running `kdestroy'.
> 
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the
> same
> [EMAIL PROTECTED]  | O Siem / The fires of freedom
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad
> Irschick
--
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-
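
The file-permission protection for file-type ccaches described above can be checked mechanically. The following is an added example, not part of the original message: it audits a directory for ccache files whose owner or mode would let another user read the tickets. The `krb5cc_<uid>` naming, the function names and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_ccache(path, expected_uid):
    """Return findings for one FILE-type ccache; an empty list means OK."""
    st = os.lstat(path)  # lstat: never follow a symlink planted in a shared dir
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other access bit
    if extra:
        findings.append(f"group/other permission bits set: {extra:03o}")
    return findings

def audit_dir(directory, prefix="krb5cc_"):
    """Audit every <prefix><uid>[_suffix] file; returns {name: findings}."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if not name.startswith(prefix):
            continue
        # Assumption: the numeric uid follows the prefix (krb5cc_<uid>).
        uid_part = name[len(prefix):].split("_", 1)[0]
        if not uid_part.isdigit():
            continue
        findings = audit_ccache(os.path.join(directory, name), int(uid_part))
        if findings:
            report[name] = findings
    return report

def demo():
    """Audit constructed sample files (placeholders, not real ccaches)."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        for name, mode in ((f"krb5cc_{me}", 0o600), (f"krb5cc_{me}_abc", 0o644)):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(b"constructed placeholder")
            os.chmod(p, mode)
        # A dangling symlink where a ccache is expected must be flagged.
        os.symlink("/nonexistent", os.path.join(d, f"krb5cc_{me + 1}"))
        return audit_dir(d)

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```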