Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread Nordgren, Bryce L -FS
Caching credentials is disabled by default[1]. Even when credential caching is enabled, the cache is only ever readable by root, the hashes are *never* exposed to the system. FYI, the hash is a salted sha512. Ah. Much better. What leads you to believe the cached credentials can be

Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread Simo Sorce
On Fri, 2014-02-28 at 14:42 +, Nordgren, Bryce L -FS wrote: Caching credentials is disabled by default[1]. Even when credential caching is enabled, the cache is only ever readable by root, the hashes are *never* exposed to the system. FYI, the hash is a salted sha512. Ah. Much

Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread Jakub Hrozek
On Fri, Feb 28, 2014 at 09:56:26AM -0500, Simo Sorce wrote: On Fri, 2014-02-28 at 14:42 +, Nordgren, Bryce L -FS wrote: Caching credentials is disabled by default[1]. Even when credential caching is enabled, the cache is only ever readable by root, the hashes are *never* exposed

[Freeipa-users] TLS error on master server / CA issue?

2014-02-28 Thread KodaK
Hey everyone, A couple of days ago I started getting the following message: [jebalicki@slpidml01 ~]$ ipa cert-show 1 ipa: INFO: trying https://slpidml01.unix.xxx.com/ipa/xml ipa: INFO: Forwarding 'cert_show' to server u'https://slpidml01.unix.xxx.com/ipa/xml' ipa: ERROR: Certificate operation

Re: [Freeipa-users] TLS error on master server / CA issue?

2014-02-28 Thread Rob Crittenden
KodaK wrote: Hey everyone, A couple of days ago I started getting the following message: [jebalicki@slpidml01 ~]$ ipa cert-show 1 ipa: INFO: trying https://slpidml01.unix.xxx.com/ipa/xml ipa: INFO: Forwarding 'cert_show' to server u'https://slpidml01.unix.xxx.com/ipa/xml' ipa: ERROR:

Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread Nordgren, Bryce L -FS
Offline password caching is also optional and a different method. In this case the actual password is maintained in the kernel keyring in locked memory until the machine goes online and can acquire a TGT. On success it is deleted. however it doesn't really matter from an evil-root
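The two client-side caching behaviours discussed in this thread (cached password hashes, and the optional offline password store) are both per-domain SSSD settings, and the protection against non-root readers rests on file permissions. The following is an added example, not code from the freeipa-users thread or from SSSD itself: it audits a constructed sssd.conf for those options and checks cache-file permissions in a temporary directory. The option names `cache_credentials` and `krb5_store_password_if_offline`, the `/var/lib/sss/db` location mentioned in the comments, and the domain names are assumptions for the illustration.

```python
# Added example (not code from the freeipa-users thread): audit an sssd.conf
# for the two optional caching behaviours discussed above and check that the
# on-disk cache is readable by root only. Domain names and file contents are
# constructed; the option names and the /var/lib/sss/db location are
# assumptions about SSSD, not something the thread states.
import configparser
import os
import stat
import tempfile

# SSSD options that keep authentication material on the client (assumed names).
CACHE_OPTIONS = ("cache_credentials", "krb5_store_password_if_offline")

# Constructed sample configuration: one domain with caching off, one with both on.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = example.test, legacy.test

[domain/example.test]
id_provider = ipa
auth_provider = ipa
cache_credentials = False

[domain/legacy.test]
id_provider = ldap
auth_provider = krb5
cache_credentials = True
krb5_store_password_if_offline = True
"""


def caching_options(conf_text: str) -> dict:
    """Map each [domain/...] section to the caching options it enables.

    Domains that enable nothing are omitted, so an empty dict means no
    domain stores passwords or password hashes on the client.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    found = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        enabled = [opt for opt in CACHE_OPTIONS
                   if cp.getboolean(section, opt, fallback=False)]
        if enabled:
            found[section[len("domain/"):]] = enabled
    return found


def loose_cache_files(cache_dir: str, expected_uid: int = 0) -> list:
    """Return cache files with group/other permission bits or a foreign owner.

    Even with caching enabled, the hashes should be unreadable to anyone but
    root, so anything looser than owner-only access is a finding.
    """
    findings = []
    for name in sorted(os.listdir(cache_dir)):
        st = os.stat(os.path.join(cache_dir, name))
        if st.st_uid != expected_uid or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(name)
    return findings


def demo() -> dict:
    """Run both checks against constructed input in a temporary directory."""
    with tempfile.TemporaryDirectory() as cache_dir:
        for name, mode in (("cache_example.test.ldb", 0o600),
                           ("cache_legacy.test.ldb", 0o644)):
            path = os.path.join(cache_dir, name)
            open(path, "w").close()
            os.chmod(path, mode)
        # The real cache lives under /var/lib/sss/db (assumed path) and is
        # owned by root; the temp files are owned by us, so pass our own uid.
        return {
            "caching": caching_options(SAMPLE_CONF),
            "loose_perms": loose_cache_files(cache_dir, os.getuid()),
        }


if __name__ == "__main__":
    print(demo())
```

On a real client, point `caching_options` at the contents of /etc/sssd/sssd.conf and `loose_cache_files` at the cache directory with the default `expected_uid=0`; a non-empty result from either is worth a look, since a domain that enables caching on a host whose cache files are group- or world-readable is exactly the situation the thread warns about.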

Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread JR Aquino
Some further reading material about operating in a security model where you accept that things are already compromised: * CISecurity did a good job on the Kerberos benchmark that was written: http://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=mitkerberos110.100 * Two Factor

Re: [Freeipa-users] TLS error on master server / CA issue?

2014-02-28 Thread KodaK
On Fri, Feb 28, 2014 at 11:14 AM, Rob Crittenden rcrit...@redhat.com wrote: KodaK wrote: Hey everyone, A couple of days ago I started getting the following message: [jebalicki@slpidml01 ~]$ ipa cert-show 1 ipa: INFO: trying https://slpidml01.unix.xxx.com/ipa/xml ipa: INFO: Forwarding

Re: [Freeipa-users] local root can su to any IPA user

2014-02-28 Thread Simo Sorce
On Fri, 2014-02-28 at 17:27 +, Nordgren, Bryce L -FS wrote: Am I overlooking something, or is this likely to be an effective means of delegating small project support while sideboarding potential Evil? Well, there are always caveats, mostly that you will find exceptions you have to permit

Re: [Freeipa-users] TLS error on master server / CA issue?

2014-02-28 Thread Rob Crittenden
KodaK wrote: On Fri, Feb 28, 2014 at 11:14 AM, Rob Crittenden rcrit...@redhat.com wrote: KodaK wrote: Hey everyone, A couple of days ago I started getting the following message: [jebalicki@slpidml01 ~]$ ipa cert-show 1 ipa:

Re: [Freeipa-users] [solved] TLS error on master server / CA issue?

2014-02-28 Thread KodaK
On Fri, Feb 28, 2014 at 1:05 PM, Rob Crittenden rcrit...@redhat.com wrote: KodaK wrote: On Fri, Feb 28, 2014 at 11:14 AM, Rob Crittenden rcrit...@redhat.com wrote: KodaK wrote: Hey everyone, A couple of days ago I started getting the