This is a hint to avoid a potential security issue caused by a standard system function (or feature). If you connect to a service on a remote server, you will be asked for your login and password. If you say No to the 'Remember this password in my keychain' dialog, you may wonder why you will not be asked for your login and password next time you connect to the service.
In my case, I wanted show a remote service like VNC to a colleague while he was logged in on the local machine. I disconnected from the service and was able to connect to it again without being prompted for my login and password. This can be a security issue for many reasons, e.g. working on someone else's account etc.
Solution: To prevent reconnecting without a password, you need to delete the Kerberos Ticket that was created while connecting to the service the first time. This ticket expires after a certain amount of time (10 hours by default), but I guess a ticket that grants access for 10 hours is not what most people expect when telling the system not to remember their login/password for the service. At the least, I'd expect to see a warning about the 10-hour ticket being created.
To delete the ticket, open Keychain Access (in the Applications » Utilities folder) and choose Keychain Access » Kerberos Ticket Viewer from the menu. (The viewer is a actually a separate application, located in /System » Library » CoreServices.). In the viewer, delete the listed ticket associated with the service. By the way, the Kerberos Ticket Viewer program has many preferences, e.g. to set the default time of 10 hours to less, that you can set in the program's Preferences screen.
In my case, I wanted show a remote service like VNC to a colleague while he was logged in on the local machine. I disconnected from the service and was able to connect to it again without being prompted for my login and password. This can be a security issue for many reasons, e.g. working on someone else's account etc.
Solution: To prevent reconnecting without a password, you need to delete the Kerberos Ticket that was created while connecting to the service the first time. This ticket expires after a certain amount of time (10 hours by default), but I guess a ticket that grants access for 10 hours is not what most people expect when telling the system not to remember their login/password for the service. At the least, I'd expect to see a warning about the 10-hour ticket being created.
To delete the ticket, open Keychain Access (in the Applications » Utilities folder) and choose Keychain Access » Kerberos Ticket Viewer from the menu. (The viewer is a actually a separate application, located in /System » Library » CoreServices.). In the viewer, delete the listed ticket associated with the service. By the way, the Kerberos Ticket Viewer program has many preferences, e.g. to set the default time of 10 hours to less, that you can set in the program's Preferences screen.
•
[11,028 views]

