Automatically renewing the ticket is not a security breach. Since it can be done without storing passwords I don't see why it should be unsafe. IMHO it currently is the only reasonably safe way to keep NFS home directories accessible for long running jobs (e.g. if you have to run a simulation overnight) and unattended GUI applications. If the user is not around the screen should be locked anyway. It is certainly much safer than just extending the expiration date of the ticket.
On a standard MIT Kerberos installation the user can renew the ticket without entering the password for up to 7 days if the ticket and your account are still valid. Obviously the longer the ticket is out there, the higher the risk that somebody might steal it, so this has to be configured accordingly. But I really don't see a big security issue there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
