Date: Thu, 14 Nov 1996 08:00:08 -0800 (PST) From: Garrett Wollman <wollman@lcs.mit.edu> To: freebsd-bugs Subject: bin/2008: kerberos tickets from login all have the same name Message-ID: <199611141600.IAA28857@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/2008; it has been noted by GNATS. From: Garrett Wollman <wollman@lcs.mit.edu> To: ccsanady@friley216.res.iastate.edu Cc: FreeBSD-gnats-submit@freebsd.org Subject: bin/2008: kerberos tickets from login all have the same name Date: Thu, 14 Nov 1996 10:49:19 -0500 <<On Thu, 14 Nov 1996 07:02:22 -0600 (CST), Chris Csanady <ccsanady@friley216.res.iastate.edu> said: > By default, login stores your kerberos tickets in /tmp/tkt_uid. If you are > logged on to the same machine multiple times, it will use the same ticket. It > is generally good practice to put a kdestroy in your .logout (or the default.) Not everybody uses csh. Some people use real shells. > If you do this, logging out of any of your sessions will mean you have no > tickets in the others. This is a feature, not a bug. I have a machine sitting on a table next to my desk upon which I occasionally need authentication. I can securely log in on its console to get a TGT and then use my xterm window to perform the real work. More significantly, the Kerberized NFS client depends on being able to find a unique ticket file for each UID logged in. Your proposed reversion (back to the way MIT Kerberos v4 worked) breaks this. (The MIT way of doing authenticated NFS used a separate program called `fsauth' which would contact an RPC service on the NFS server and exchange authentication that way, which would then allow any requests from that client for that particular UID until the expiration date of the ticket.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611141600.IAA28857>