Charles Hedrick <hedr...@rutgers.edu> writes: > * A kerberized service where the user registers that they want to be > able to do cron jobs on a given machine. > * A kerberized pam module that calls the same service and gets back > credentials, locked to the IP address, and at least by default not > forwardable.
How does this address the problem raised on this thread? It's still the case that if you become root on the host, you can just steal the keytab used by that daemon and use it anywhere. This gives you enhanced protection if you trust the boundary between non-root users and root, but not if you don't trust the machine. The point of the TPM is that you can't exfiltrate the keys, even if you have root, only perform on-line operations. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos