[OpenAFS] token theft under XP
Charles Clancy
security@xauth.net
Thu, 12 Dec 2002 13:29:32 -0600 (CST)
> >Scenario:
> >1. domain user 'x' logs in, gets tokens
> >2. 'x' logs out
> >3. local machine administrator goes in and creates local user 'x'
> >4. log in as local user 'x'
> >5. local user has access to the token and drive mappings obtained by the
> > domain user
>
> Umm, have you tried this?
Yes. Otherwise I wouldn't have posted it (or noticed it for that matter).
I used the 1.2.6 client under WinXP.
I understand that PAGs would solve the problem, but the little systray
icon tokens tool doesn't do that by default.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]