[OpenAFS] Kerberos 5 cache in /tmp
Russ Allbery
rra@stanford.edu
Wed, 07 Apr 2004 15:26:55 -0700

Rodney M Dyer <rmdyer@uncc.edu> writes:
> At least on Windows the MIT Kerberos for Windows comes with an in-memory
> credentials cache. You would think that would have happened on Unix by
> now.

Why is an in-memory credentials cache managed by a daemon that other
processes talk to any more secure than a file in /tmp? root can still
masquerade as any other user and get any user's tickets.

Defending against root is really pointless. Remember that root can
install a keyboard sniffer or trojan all of the binaries.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>