> For example, a shared operating system account where many people have installed their certificates.
Shared accounts are contrary to best practice since they preclude proper auditing of user actions in your environment. Avoid at all costs.

> In my case, when I demonstrated this behavior to my security folks, they were concerned about this new behavior in IE8.

Again, they should be more concerned about shared user accounts than this particular browser behavior. Browsers are getting ever more sophisticated with regard to features like concurrent session behavior and preservation of stateful data (e.g. cookies), and the trend is toward convenience at the expense of security. Google "browser.sessionstore.privacy_level" for another good example in that vein. Sharing a browser in the face of features like that is madness at best. (*cough* Safari on iPad *cough*)

> I'm looking into writing an extra action in the login webflow to compare the TicketGrantingTicket cookie principal against the principal returned from looking up the certificate in my authentication store.
> If they are not the same I will destroy the TicketGrantingTicket and display a message to the user that the certificate doesn't match the authentication credentials of the TicketGrantingTicket.

Sounds like a reasonable mitigation technique. Just note the security/performance tradeoff.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
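One way the extra webflow action described in the quoted message could be written, as an added example that is not code from the thread or from the CAS project. It is a Spring Webflow action for a CAS 3.x style login flow and assumes the following: the CAS 3.x classes `WebUtils.getTicketGrantingTicketId`, `WebUtils.getHttpServletRequest`, `TicketRegistry.getTicket(String, Class)`, `CentralAuthenticationService.destroyTicketGrantingTicket` and `CookieRetrievingCookieGenerator.removeCookie`; that the servlet container exposes the client certificate chain under the standard `javax.servlet.request.X509Certificate` request attribute; and a hypothetical `CertificatePrincipalResolver` interface standing in for whatever lookup of the certificate in the authentication store returns the principal id. The flow state that wires this action, and the view shown on the "mismatch" event, are left to the deployer.

```java
// Added example, not part of the original post or of CAS itself.
// Assumed CAS 3.x APIs: WebUtils.getTicketGrantingTicketId, WebUtils.getHttpServletRequest,
// TicketRegistry.getTicket(String, Class), CentralAuthenticationService.destroyTicketGrantingTicket,
// CookieRetrievingCookieGenerator.removeCookie. CertificatePrincipalResolver is hypothetical.
package example;

import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;

import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.jasig.cas.ticket.registry.TicketRegistry;
import org.jasig.cas.web.support.CookieRetrievingCookieGenerator;
import org.jasig.cas.web.support.WebUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/** Hypothetical: looks the presented certificate up in the authentication store. */
interface CertificatePrincipalResolver {
    /** @return the principal id the store maps this certificate to, or null if unknown. */
    String resolve(X509Certificate certificate);
}

/**
 * Compares the principal behind the existing TGT cookie with the principal the
 * presented client certificate maps to. On mismatch the TGT is destroyed, the
 * cookie removed, and the flow is sent to a "mismatch" state to show a message.
 */
public class CertificateMatchesTgtAction extends AbstractAction {

    private final TicketRegistry ticketRegistry;
    private final CentralAuthenticationService centralAuthenticationService;
    private final CookieRetrievingCookieGenerator tgtCookieGenerator;
    private final CertificatePrincipalResolver resolver;

    public CertificateMatchesTgtAction(final TicketRegistry ticketRegistry,
                                      final CentralAuthenticationService centralAuthenticationService,
                                      final CookieRetrievingCookieGenerator tgtCookieGenerator,
                                      final CertificatePrincipalResolver resolver) {
        this.ticketRegistry = ticketRegistry;
        this.centralAuthenticationService = centralAuthenticationService;
        this.tgtCookieGenerator = tgtCookieGenerator;
        this.resolver = resolver;
    }

    @Override
    protected Event doExecute(final RequestContext context) throws Exception {
        final String tgtId = WebUtils.getTicketGrantingTicketId(context);
        if (tgtId == null) {
            return success(); // no SSO session yet, nothing to compare against
        }

        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        final X509Certificate[] chain =
            (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            return success(); // no client certificate on this request, nothing to compare
        }

        final TicketGrantingTicket tgt =
            (TicketGrantingTicket) ticketRegistry.getTicket(tgtId, TicketGrantingTicket.class);
        if (tgt == null || tgt.isExpired()) {
            return success(); // stale cookie; normal flow will issue a fresh TGT
        }

        // chain[0] is the end-entity certificate; the store lookup is the costly step
        // the reply's "security/performance tradeoff" refers to.
        final String tgtPrincipal = tgt.getAuthentication().getPrincipal().getId();
        final String certPrincipal = resolver.resolve(chain[0]);

        if (certPrincipal != null && certPrincipal.equals(tgtPrincipal)) {
            return success();
        }

        // Different person at the same browser: tear down the SSO session so the
        // certificate holder cannot ride on someone else's TGT.
        centralAuthenticationService.destroyTicketGrantingTicket(tgtId);
        tgtCookieGenerator.removeCookie(WebUtils.getHttpServletResponse(context));
        context.getFlashScope().put("tgtPrincipal", tgtPrincipal);
        context.getFlashScope().put("certPrincipal", certPrincipal);
        return result("mismatch");
    }
}
```

The action returns `success` in every case where there is nothing to compare (no TGT cookie, no certificate, expired ticket) so it can sit at the start of the login flow ahead of the existing TGT check; only the `mismatch` event needs a new transition to a view that tells the user the certificate does not match the credentials of the current session. Because the lookup runs on every login request that carries both a cookie and a certificate, cache or otherwise bound the `resolve` call if the authentication store is slow.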
