[1272] in Kerberos
Re: srvtab on client machines
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Mar 1 20:59:17 1991
Date: Fri, 1 Mar 91 17:16:21 -0500
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: qjb@ATHENA.MIT.EDU
Cc: "Galina Kofman" <GALINA@IBM.COM>, kerberos@ATHENA.MIT.EDU
In-Reply-To: Emanuel 'Jay' Berkenbilt's message of Fri, 1 Mar 91 16:46:39 -0500,
Reply-To: tytso@ATHENA.MIT.EDU
From: qjb@ATHENA.MIT.EDU
Date: Fri, 1 Mar 91 16:46:39 -0500
Actually, we often don't bother sending the srvtab over
encrypted at all. We often simply copy the srvtab into a
protected filesystem and copy it to the machine all in the clear.
Then, once it's there, we run
ksrvutil change
to change the keys via the admin protocol. This is analogous to
giving a user an initial password and telling him/her to change
it immediately.
People should note that, under this method, it is theoretically possible
for someone with a network sniffer to grab the srvtab as it passes by
via FTP or NFS traffic, and then be able to use the knowledge of that
key to figure out what the service key was changed to by spying on
ksrvutil's protocol exchange with the admin server. So this method
doesn't really add that much security against a really determined (and
knowledgeable) attacker.
People may want to decide that this amount of security is "good enough";
but they should be consciously aware of this decision.
- Ted
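The passive attack Ted describes, modeled as an added example (this is not code from the thread, from MIT Kerberos, or from ksrvutil). It assumes a deliberately simplified shape for the exchange: the admin server hands the client a session key encrypted under the service's current key, and the client sends the new service key encrypted under that session key. Real Kerberos v4 used DES and a different wire format; the SHA-256 counter-mode stream cipher and the message layout below are stand-ins, constructed so the example runs offline with the standard library only. What it shows is the property that matters: every message of the key change is protected, directly or indirectly, by the key that was already shipped in the clear, so a sniffer that captured the srvtab copy can read the new key out of the change exchange, and a sniffer that did not cannot.

```python
"""Model of an eavesdropper following `ksrvutil change` after capturing the
initial srvtab. Constructed example: toy cipher and message shapes are
assumptions, not Kerberos v4 protocol."""
import hashlib
import os
from typing import List, Optional, Tuple

KEY_LEN = 8      # Kerberos v4 used 8-byte single-DES keys; only the length is modeled
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode used as a toy stream cipher (illustrative only)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, message: bytes) -> bytes:
    nonce, ct = message[:NONCE_LEN], message[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class AdminServer:
    """Holds the current key for one service principal (assumed interface)."""

    def __init__(self, service_key: bytes):
        self.service_key = service_key

    def as_reply(self) -> Tuple[bytes, bytes]:
        """Issue a session key, returned encrypted under the service's current key."""
        session_key = os.urandom(KEY_LEN)
        return session_key, encrypt(self.service_key, session_key)

    def change_key(self, session_key: bytes, request: bytes) -> None:
        """Install the new key carried in a request encrypted under the session key."""
        self.service_key = decrypt(session_key, request)


def provision_and_change(sniffer: List[Tuple[str, bytes]],
                         srvtab_in_clear: bool = True) -> Tuple[bytes, bytes]:
    """Jay's procedure: ship the srvtab, then run the key change.

    Everything that crosses the network is appended to `sniffer`. With
    srvtab_in_clear=True the FTP/NFS copy of the srvtab is captured too.
    Returns (key the client chose, key the server now holds)."""
    initial_key = os.urandom(KEY_LEN)
    admin = AdminServer(initial_key)
    if srvtab_in_clear:
        sniffer.append(("srvtab_copy", initial_key))

    # Client authenticates with the shipped key and obtains a session key.
    session_key, reply = admin.as_reply()
    sniffer.append(("as_reply", reply))
    client_session_key = decrypt(initial_key, reply)

    # Client picks a fresh key and sends it under the session key.
    new_key = os.urandom(KEY_LEN)
    request = encrypt(client_session_key, new_key)
    sniffer.append(("change_request", request))
    admin.change_key(session_key, request)
    return new_key, admin.service_key


def attacker_recovers_new_key(sniffer: List[Tuple[str, bytes]]) -> Optional[bytes]:
    """Purely passive: work only from captured traffic."""
    captured = dict(sniffer)
    if "srvtab_copy" not in captured:
        return None          # without the old key the AS reply is opaque
    session_key = decrypt(captured["srvtab_copy"], captured["as_reply"])
    return decrypt(session_key, captured["change_request"])


if __name__ == "__main__":
    cap: List[Tuple[str, bytes]] = []
    new_key, server_key = provision_and_change(cap)
    print("server installed client's key:", new_key == server_key)
    print("sniffer learned new key:", attacker_recovers_new_key(cap) == new_key)
    cap = []
    new_key, server_key = provision_and_change(cap, srvtab_in_clear=False)
    print("sniffer learned new key:", attacker_recovers_new_key(cap) == new_key)
```

The second run models the alternative Ted implies: if the srvtab never crosses the wire in the clear, the same captured exchange yields nothing, because the only thing protecting the session key is the initial service key. The decision the post asks people to make consciously is whether the initial copy can be sniffed at all.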