On shisa and its password disclosure.

help-shishi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On shisa and its password disclosure.

From:	Mats Erik Andersson
Subject:	On shisa and its password disclosure.
Date:	Sun, 28 Oct 2012 18:02:04 +0100
User-agent:	Mutt/1.5.18 (2008-05-17)

Dear all,

I am somewhat disturbed by that fact that the superuser
is able to execute

   # shisa -d --keys

thereby gaining access to all passwords for all principals
of the running KDC.

Contrast this to the situation with MIT Kerberos or Heimdal,
where a selected administrator is entrusted with the power to
inspect such secrecies, which the superuser is unable to access,
unless he was able to snoop the administrator's password.

Am I lacking some insight, or is there a security issue here?

Best regards,
  Mats Erik Andersson

[Prev in Thread]

Current Thread

[Next in Thread]

On shisa and its password disclosure., Mats Erik Andersson <=
- Re: On shisa and its password disclosure., Russ Allbery, 2012/10/28
  - Re: On shisa and its password disclosure., Mats Erik Andersson, 2012/10/28
    - Re: On shisa and its password disclosure., Russ Allbery, 2012/10/28

Prev by Date: Re: Put a limit to ticket life span.
Next by Date: Re: On shisa and its password disclosure.
Previous by thread: Put a limit to ticket life span.
Next by thread: Re: On shisa and its password disclosure.
Index(es):
- Date
- Thread