[OpenAFS] Kerberos 5 cache in /tmp

John Rudd jrudd@ucsc.edu
Wed, 7 Apr 2004 19:08:29 -0700

On Apr 7, 2004, at 12:41 PM, Jeffrey Hutzelman wrote:
> This property is not new with krb5.  It follows directly from the UNIX 
> security architecture.
> If you do not trust the people who have privileged access to your 
> machine, then you have already lost.

I wonder how "capability" based OS'es might change that interaction 
(I've wondered about how kerberos might function in a capability 
environment in the past, but haven't been sure how to approach it ... 
and that goes for AFS as well).