Ken Hornstein wrote:
>>Why store tickets in the kernel, what's the point? Presumably you'd not
>>want anything other than TGTs in the kernel, so where do you cache
>>service tickets? Or do you want all tickets in the kernel? (Presumably
>>in pageable, accounted memory...).
>
> Well, actually, I'd rather have the whole ticket cache in the kernel.
> I have personally seen attacks on the current file cache; right now we
> don't use a file cache, but the scheme we do use has some issues. One
> thing we were planning on doing was use the Linux kernel keyrings
> if/when they become suitable ... but of course those would only work
> under Linux. I know that putting the ticket cache in the kernel isn't
> 100% protection, but I think it's the best we can probably do on a
> multi-user Unix system. The caches I see are tiny,

Unless the KDC is Windows, and the tickets have PACs. A tgt is
2000 bytes, but could go as high as 14k.

> so I'm not too
> worried about size. Make it one of those adjustable kernel parameters.
>
> --Ken
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444