[OpenAFS] token security

Derrick J Brashear shadow@dementia.org
Wed, 20 Feb 2002 16:36:52 -0500 (EST)


On Wed, 20 Feb 2002, David Bear wrote:

> Something I noticed about tokens on linux and I'm not sure if it should be
> a security issue or not.
>
> Here's what I did on Caldera OL (red hat derivative)
>
> from kde -- open a shell, then klog
> log out of kde
> log back in -- cache manager still has the tokens

get a pag. if you're using pam, install the pam afs modules.
this isn't insecure, it's how afs works. if you have no pag, the tokens
are seen by all processes not in a pag.

> What precautions are available to prevent token stealing from linux/kde?

it's not theft if you did something which is essentially "deliberately
sharing them with everyone"

-D