[OpenAFS] token security
Derrick J Brashear
shadow@dementia.org
Wed, 20 Feb 2002 16:36:52 -0500 (EST)
On Wed, 20 Feb 2002, David Bear wrote:
> Something I notices about tokens on linux and I'm not sure if it should be
> a security issue or not.
>
> Here's what I did on Caldera OL (red hat derivative)
>
> from kde -- open a shell, the klog
> log out of kde
> log back in -- cache manager still has the tokens
get a pag. if you're using pam, install the pam afs modules.
this isn't insecure, it's how afs works. if you have no pag, the tokens
are seen by all processes not in a pag.
> What precautions are available to prevent token stealing from linux/kde?
it's not theft if you did something which is essentially "deliberately
sharing them with everyone"
-D