Date: Fri, 05 Feb 2010 16:59:36 +0200 From: George Mamalakis <mamalos@eng.auth.gr> To: freebsd-stable <freebsd-stable@freebsd.org>, freebsd-current@freebsd.org Subject: Kerberized NFSv3 incorrect behavior (revisited) Message-ID: <4B6C3258.7050607@eng.auth.gr>
next in thread | raw e-mail | index | archive | help
What's more, if I obtain (as root for example) a ticket for user mamalos and kdestroy it, and then login as user root in a new terminal, the root user in the new terminal has still all privileges of mamalos in the share. Klist, of course, shows no tickets. This could be also a security threat, in case different kerberos principals (users in this setup) use a shared machine account to logon, and then access their resources by kiniting to their respective principals. I assume that this must have to do with kernel's KGSSAPI support, which "forgets" to delete or renew its kerberos' cache. Thank you all, again, for your time. -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B6C3258.7050607>