> We have been using Kerberos for a LONG time; over 20 years.

Hi Ken! Nice to hear from you :-)

> A long time ago we ran into issues with widespread Kerberos ticket theft
> from attackers, due to the quite-common usage at that time of Kerberos
> tickets being stored in files.

So why is storage in files so much more dangerous than storage in memory? If one happens to get a process which can read the files in local /tmp, why could that process not modify any of /proc/<pid>/mem on the same computer to get at the ticket cache anyway?

OK, one benefit of memory is that it is automatically destroyed when no process accesses it any more. But other than that?

Harald.

PS: Currently I'm dealing again with the "uid is security enough" people who are showing up every time one buys a product together with the software (vendor does not offer feature "Kerberos" bla bla bla ...)

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info