Russ Allbery <ea...@eyrie.org> writes:

> Charles Hedrick <hedr...@rutgers.edu> writes:
>
>> * A kerberized service where the user registers that they want to be
>>   able to do cron jobs on a given machine.
>> * A kerberized pam module that calls the same service and gets back
>>   credentials, locked to the IP address, and at least by default not
>>   forwardable.
>
> How does this address the problem raised on this thread?  It's still the
> case that if you become root on the host, you can just steal the keytab
> used by that daemon and use it anywhere.  This gives you enhanced
> protection if you trust the boundary between non-root users and root,
> but not if you don't trust the machine.

Oh, wait, I see -- it does transform part of the attack to occasional
on-line, since while you can steal the system keytab and request tickets
whenever you want, you can't get the long-lived keytab for the actual
target credential.  (And presumably you can put monitoring and alerting
around the host keytab being used from unexpected places.)

Yeah, that's a partial security improvement.

-- 
Russ Allbery (ea...@eyrie.org)              <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
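The "monitoring and alerting around the host keytab being used from unexpected places" that the reply closes on is something the KDC can do on its own, because a stolen host keytab still has to be presented to the KDC (an AS_REQ, then a TGS_REQ for the credential service) every time the attacker wants tickets; that is the "occasional on-line" step the design forces. The following is an added example, not code from the thread or from any MIT Kerberos component: it parses constructed krb5kdc.log-style lines and flags any request by a tracked keytab principal from an address other than the host that legitimately holds that keytab. The realm, principal names, the `cronsvc` service name and the IP addresses are all assumptions made up for the example.

```python
import re
from typing import Dict, List, Set

# Constructed sample lines in the style of MIT krb5kdc.log (not real data).
# Assumptions: realm EXAMPLE.ORG; a cron host cron1 whose keytab holds
# host/cron1.example.org; a hypothetical credential-issuing service named
# cronsvc; 192.0.2.10 is cron1's real address, 198.51.100.77 is not.
SAMPLE_KDC_LOG = """\
Mar 04 09:00:01 kdc1 krb5kdc[2114](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1709542801, etypes {rep=18 tkt=18 ses=18}, host/cron1.example.org@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Mar 04 09:00:02 kdc1 krb5kdc[2114](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1709542801, etypes {rep=18 tkt=18 ses=18}, host/cron1.example.org@EXAMPLE.ORG for cronsvc/kdc1.example.org@EXAMPLE.ORG
Mar 04 09:05:17 kdc1 krb5kdc[2114](info): AS_REQ (4 etypes {18 17 16 23}) 198.51.100.77: ISSUE: authtime 1709543117, etypes {rep=18 tkt=18 ses=18}, host/cron1.example.org@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Mar 04 09:05:18 kdc1 krb5kdc[2114](info): AS_REQ (4 etypes {18 17 16 23}) 198.51.100.77: NEEDED_PREAUTH: host/cron1.example.org@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG, Additional pre-authentication required
Mar 04 09:06:00 kdc1 krb5kdc[2114](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.11: ISSUE: authtime 1709543160, etypes {rep=18 tkt=18 ses=18}, hedrick@EXAMPLE.ORG for krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
"""

# Request type, source address, outcome, client principal, server principal.
# The optional "(?:.*?, )?" skips the "authtime ..., etypes {...}, " prefix
# that ISSUE lines carry before the client principal.
KDC_LINE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \([^)]*\) (?P<ip>[0-9A-Fa-f.:]+): "
    r"(?P<status>[A-Z_]+): (?:.*?, )?(?P<client>\S+) for (?P<server>[^\s,]+)"
)


def parse_kdc_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per AS_REQ/TGS_REQ line; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = KDC_LINE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def unexpected_keytab_use(events: List[Dict[str, str]],
                          expected: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Flag any KDC request by a tracked keytab principal from an address that
    is not one of the hosts legitimately holding that keytab.  Failed
    requests are flagged too: a NEEDED_PREAUTH from the wrong host already
    shows someone presenting (or probing) that principal from elsewhere."""
    alerts = []
    for ev in events:
        allowed = expected.get(ev["client"])
        if allowed is None:  # not a keytab principal we track (e.g. a user)
            continue
        if ev["ip"] not in allowed:
            alerts.append({"principal": ev["client"], "ip": ev["ip"],
                           "req": ev["req"], "status": ev["status"]})
    return alerts


# Which host(s) are allowed to present each keytab principal (assumed).
EXPECTED_SOURCES = {"host/cron1.example.org@EXAMPLE.ORG": {"192.0.2.10"}}

if __name__ == "__main__":
    for a in unexpected_keytab_use(parse_kdc_log(SAMPLE_KDC_LOG), EXPECTED_SOURCES):
        print(f"ALERT {a['principal']} used from {a['ip']} "
              f"({a['req']} {a['status']})")
```

On the sample data this raises two alerts, both for the host keytab being used from 198.51.100.77, and says nothing about the ordinary user login from 192.0.2.11. The check only sees the keytab once it is used against the KDC, which is the limit of the "partial" improvement: it catches the on-line step, not the theft itself.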