Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Helge Bahmann (bahmann_at_math.tu-freiberg.de)
Date: Mon Dec 09 2002 - 02:50:21 CST
thanks for your quick response.
On Fri, 6 Dec 2002 Olaf Kirch assaulted the keyboard and produced:
> On Fri, Dec 06, 2002 at 07:21:42PM +0100, Helge Bahmann wrote:
> > - tickets are obtained and validated from kdc
> > - credentials cache file /tmp/krb5cc_0 (!) is created and KRB5CCNAME set
> > accordingly for the session
> You should check the README that comes with our pam_krb5 RPM.
> It describes how to use separate cc files for all sessions.
you are referring to the ccache parameter? yes I know, I'm using it; but
since the cc file names are still quite easily guessable, the possibility
of the root compromise remains (unless there is some misconfiguration on
my part, which I'm still not sure about -- the behvior is just too
Will try to produce some more information.
-- Helge Bahmann <bahmannmath.tu-freiberg.de> /| \__ The past: Smart users in front of dumb terminals /_|____\ _/\ | __) $ ./configure \\ \|__/__| checking whether build environment is sane... yes \\/___/ | checking for AIX... no (we already did this) |
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here