"Boyd Stephen Smith Jr." <[email protected]> writes: > Russ Allbery wrote:
>> But yes, you don't want to get Kerberos tickets on an insecure system. > I thought tickets only lasted for a small period of time, and could be > expired early if need be so that you could use them on insecure > machines. True, you can get limited-lifetime tickets, which is a bit safer since any attacker would have to use them right away. If you can get them without exposing your key material (using PKINIT, for instance), that could be a possible solution. You obviously don't want to get password-based tickets from an untrusted machine. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
