Heads-up: Kerberos default user credential cache location is changing
sgallagh at redhat.com
Mon Jun 25 13:00:02 UTC 2012
On Fri, 2012-06-22 at 09:36 +0100, David Howells wrote:
> Stephen Gallagher <sgallagh at redhat.com> wrote:
> > 1) Credential caches are now stored in a tmpfs location. This is a
> > security feature, as a stolen laptop may not be booted in single-user
> > mode to extract a valid TGT.
> Is it? Can't tmpfs move stuff arbitrarily out to swap?
Ah, true. This could happen in a low-memory case. I should perhaps
revise this statement then to be "This is a security feature, as a
stolen laptop booted in single user mode will have a much more difficult
time of extracting a valid TGT".
This of course can be further mitigated by the use of encrypted swap
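An added example (not part of the original message, nor Fedora or Kerberos project code): a check for the two conditions the exchange above turns on, whether the credential cache directory sits on tmpfs and whether any active swap area is not a dm-crypt mapping. The cache path, the sample `/proc/mounts` and `/proc/swaps` text and the device-mapper UUIDs are constructed assumptions; only the swap device itself is inspected, so swap on LVM over LUKS or a swap file on an encrypted filesystem is still reported as plaintext.

```python
import os

# Constructed sample input in the formats of /proc/mounts and /proc/swaps.
SAMPLE_MOUNTS = """\
/dev/mapper/vg-root / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,mode=700,uid=1000 0 0
/dev/sda1 /boot ext4 rw,relatime 0 0
"""
SAMPLE_SWAPS = """\
Filename        Type        Size      Used  Priority
/dev/dm-1       partition   4194300   0     -2
/dev/sda3       partition   2097148   0     -3
"""
# Constructed values, as they would be read from /sys/block/<dm-N>/dm/uuid.
SAMPLE_DM_UUIDS = {"dm-1": "CRYPT-PLAIN-swap"}
CCACHE_DIR = "/run/user/1000/krb5cc"  # assumed path, not stated in the message


def fs_type_for(path, mounts_text):
    """Filesystem type of the longest mount point that contains path."""
    best, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best):  # later mounts shadow earlier ones
            best, best_type = mnt, fstype
    return best_type


def unencrypted_swaps(swaps_text, dm_uuids):
    """Active swap areas whose own device is not a dm-crypt mapping."""
    exposed = []
    for line in swaps_text.splitlines()[1:]:  # first row is the header
        fields = line.split()
        uuid = dm_uuids.get(os.path.basename(fields[0]), "") if fields else ""
        if fields and not uuid.startswith("CRYPT-"):  # cryptsetup's UUID prefix
            exposed.append(fields[0])
    return exposed


def assess(ccache_dir, mounts_text, swaps_text, dm_uuids):
    """Could cache contents end up in cleartext on persistent storage?"""
    on_tmpfs = fs_type_for(ccache_dir, mounts_text) == "tmpfs"
    exposed = unencrypted_swaps(swaps_text, dm_uuids)
    return {"on_tmpfs": on_tmpfs, "plaintext_swap": exposed,
            "may_reach_disk": (not on_tmpfs) or bool(exposed)}

if __name__ == "__main__":
    print(assess(CCACHE_DIR, SAMPLE_MOUNTS, SAMPLE_SWAPS, SAMPLE_DM_UUIDS))
```

On a live system the two text arguments would come from reading `/proc/mounts` and `/proc/swaps`, and the UUID map from the `dm/uuid` files under `/sys/block`.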