Storing Principal Profiles and Credentials

Kerberos Manager provides several options for storing your principal profile and credentials information: in a file, in memory, or hidden (in memory). You can choose a storage medium when you create a principal profile, or you can select a default setting that Kerberos Manager selects automatically each time you create a principal profile.

Storing Your Credentials in a File

Credentials files are stored in your default credential folder, and remain on the PC until you delete them. The default filename is principal@realm.cch.

An advantage of storing credentials in a file is that Kerberos Manager saves your principal profile settings (principal, realm, ticket lifetime) from session to session. The disadvantage is that anyone who finds the file on your PC can use your credentials until the ticket lifetime expires. If a person can guess your password, he or she can continue to use your credentials for access to kerberized services. Because Kerberos Manager creates a tab in its main window for each credentials file, these tabs are visible to anyone who opens Kerberos Manager on your PC while you're logged in.

NOTE:You can restrict access to credentials stored on your PC by implementing the NTFS file system.

For greater security, select the Memory or Hidden storage options.

Storing Your Credentials in Memory

If you store your credentials in memory, the Kerberos client automatically deletes them when you quit Kerberos Manager and all other kerberized applications. The tab representing the principal profile on the Kerberos Manager main window also disappears.

If the principal profile you choose as your default is stored in memory, the Kerberos client saves the profile information, but not your password, in your Windows registry.

For added security, you can hide credentials stored in memory by selecting the Hidden option.

Hiding Your Credentials from the Desktop

Hidden credentials are always stored in memory, do not display a tab on the Kerberos Manager main window, and are deleted when Kerberos Manager and all kerberized applications are closed.

Because you must know the name of the credentials storage, it is unlikely that someone else will find this information on your PC.

NOTE:To restrict access to credentials on your PC, you must implement the NTFS file system.