[OpenAFS] Kerberos 5 cache in /tmp

Cesar Garcia Cesar.Garcia@morganstanley.com
Wed, 7 Apr 2004 11:38:12 -0400


>>>>> "Frederic" == Frederic Gilbert <Frederic.Gilbert@inria.fr> writes:

Frederic> - under AFS, root can steal tokens too (yes, but by having to find them
Frederic> in the kernel memory, which is a quite more complex job).

It's not that complex. As root, you can see what user and groups are
associated with any process (/proc). That is equivalent to identifying
the user and PAG. Using setgroups(), root can "attach" to a PAG.

(a little more complex than just using an existing ticket file, but
not by much)