>Why store tickets in the kernel, what's the point? Presumably you'd not
>want anything other than TGTs in the kernel, so where do you cache
>service tickets? Or do you want all tickets in the kernel? (Presumably
>in pageable, accounted memory...).

Well, actually, I'd rather have the whole ticket cache in the kernel. I have personally seen attacks on the current file cache; right now we don't use a file cache, but the scheme we do use has some issues. One thing we were planning on doing was use the Linux kernel keyrings if/when they become suitable ... but of course those would only work under Linux.

I know that putting the ticket cache in the kernel isn't 100% protection, but I think it's the best we can probably do on a multi-user Unix system. The caches I see are tiny, so I'm not too worried about size. Make it one of those adjustable kernel parameters.

--Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
