Hello. I sometimes hear that Kerberos 5 security is lowered by the use of file-based credentials, whereas Kerberos 4 was using shared memory instead, making it much more difficult for an admin (for instance) to retrieve a valid user ticket.
I know an admin user can scan the memory for a user ticket, but a quick Google search on the issue didn't return any such tool ready for use. And unless some string pattern makes it easy to grep /proc/kcore to extract those tickets, is this assertion reserved to admins able to craft a dedicated memory scanning tool?

Also, I've read that the Kerberos 5 specification doesn't enforce one or the other kind of storage; those are just MIT and Heimdal implementation choices. Is there any way, for both of them, to use a memory-based credential cache instead?

--
BOFH excuse #91: Mouse chewed through power cable
________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
