[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On shisa and its password disclosure.

From: Mats Erik Andersson
Subject: On shisa and its password disclosure.
Date: Sun, 28 Oct 2012 18:02:04 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Dear all,

I am somewhat disturbed by that fact that the superuser
is able to execute

   # shisa -d --keys

thereby gaining access to all passwords for all principals
of the running KDC.

Contrast this to the situation with MIT Kerberos or Heimdal,
where a selected administrator is entrusted with the power to
inspect such secrecies, which the superuser is unable to access,
unless he was able to snoop the administrator's password.

Am I lacking some insight, or is there a security issue here?

Best regards,
  Mats Erik Andersson

reply via email to

[Prev in Thread] Current Thread [Next in Thread]