Bug#552266: libapache2-mod-auth-kerb: Need ability to transfer credential

2009-10-25 Thread Russ Allbery
Denis Feklushkin writes: > Russ Allbery wrote: >> There are a couple of problems with this, unfortunately. One is that >> the Kerberos libraries don't provide you any easy way to do this, so >> mod_auth_kerb would have to invent a custom encoding format for the >> credential cache, which would

Bug#552266: libapache2-mod-auth-kerb: Need ability to transfer credential

2009-10-24 Thread Russ Allbery
Denis Feklushkin writes: > Need ability to transfer credential in a variable rather than as a > reference to a file in KRB5CCNAME. > Currently a cgi-script containing an error allows an attacker to gather > all credentials in the /tmp and use them. (Attacker can use credentials > through script

Bug#552266: libapache2-mod-auth-kerb: Need ability to transfer credential

2009-10-24 Thread Denis Feklushkin
Subject: libapache2-mod-auth-kerb: Need ability to transfer credential in a variable Package: libapache2-mod-auth-kerb Version: 5.3-5 Severity: wishlist Need ability to transfer credential in a variable rather than as a reference to a file in KRB5CCNAME. Currently a cgi-script containing an err