The client stores the user's password and secret key for a period of time until the client receives a ticket-granting-ticket from the ticket-granting-service. After receiving this ticket, the client can destroy the copy of the password and secret key since they no longer need to be used. There is no copy of a password file on a client. This reduces some of the vulnerability of an intruder copying the password file and using a dictionary attack to obtain passwords. The tickets stored on a client are vulnerable to attacks on the client. Kerberos assumes protection of the tickets on the client by having only one user logged into a client at a time and by limiting the lifetime of the ticket. However, if a user can log in as root, he can then su as another user currently logged into the client and obtain his tickets for use until the lifetime of the ticket expires.