[38008] in Kerberos


Re: Does KRB5_TRACE logging ever print sensitive info? (like

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jun 22 01:03:07 2017

To: pratyush parimal <pratyush.parimal@gmail.com>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <a9cf1fa8-0861-fc91-f036-491def2ba41f@mit.edu>
Date: Thu, 22 Jun 2017 01:00:36 -0400
MIME-Version: 1.0
In-Reply-To: <CALvRNOHOqGr+--w4dgxkGmR9r+7raR3tysTYho06GYuk77r5AQ@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 06/21/2017 11:03 PM, pratyush parimal wrote:
> I have experimented with kerberos trace logging in a test environment with
> commands like kinit, kadmin, and other programmatic calls to GSSAPI and
> never came across passwords or anything sensitive printed in the trace log.
> It mainly showed me what TGT requests were being made and who was the
> library sending requests to (which is mainly what I wanted to know for
> debugging purposes). But I wanted to know if it could potentially print
> something sensitive that could lead to an account compromise or something
> comparable.

I don't believe we ever print passwords or full keys.  We sometimes
print a small (four bytes of hex) SHA-1 hash of a key that someone could
match against the trace output of a different process.

The material in a trace log might be considered sensitive by some
definitions (filenames, principal names, etc.), but to the best of my
knowledge it shouldn't lead directly to account compromise.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
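As an added example (not from this thread and not MIT krb5 code), the script below does two things with constructed KRB5_TRACE output: it checks whether the traces of two processes share a key fingerprint, which is the cross-process matching Greg describes, and it pseudonymizes principal names, credential-cache paths and key fingerprints before a trace is attached to a ticket, keeping the pseudonyms stable across logs so the correlation a debugger needs survives. The trace lines are made up in the style of MIT krb5 trace output; the "enctype/8hex" token is an assumed rendering of a four-byte SHA-1 key hash, not the library's actual formatting, and the regexes are tuned to that assumption.

```python
import re
from typing import Dict, Set

# Constructed sample traces from two processes (kinit, then a GSSAPI client).
# Layout mimics MIT krb5 trace lines ("[pid] timestamp: message"); the text
# and the "enctype/8hex" key token are assumptions for this example.
TRACE_PROC_A = """\
[4101] 1498100436.100001: Getting initial credentials for alice@EXAMPLE.COM
[4101] 1498100436.100002: Sending request (210 bytes) to EXAMPLE.COM
[4101] 1498100436.100003: AS key obtained from gak_fct: aes256-cts/8F3A1C92
[4101] 1498100436.100004: Storing alice@EXAMPLE.COM -> krbtgt/EXAMPLE.COM@EXAMPLE.COM in FILE:/tmp/krb5cc_1000
"""
TRACE_PROC_B = """\
[5222] 1498100500.200001: Getting credentials alice@EXAMPLE.COM -> host/web01.example.com@EXAMPLE.COM using ccache FILE:/tmp/krb5cc_1000
[5222] 1498100500.200002: Decrypting TGS reply with key aes256-cts/8F3A1C92
[5222] 1498100500.200003: Received creds for desired service host/web01.example.com@EXAMPLE.COM
"""

# name[/instance...]@REALM
PRINCIPAL_RE = re.compile(r"[A-Za-z0-9._-]+(?:/[A-Za-z0-9._-]+)*@[A-Z][A-Z0-9.-]*")
# Assumed key rendering: enctype name, slash, four bytes of hex.
KEYFP_RE = re.compile(r"\b([a-z][a-z0-9-]*)/([0-9A-Fa-f]{8})\b")
# FILE: credential caches (the filenames the post mentions).
CCACHE_RE = re.compile(r"\bFILE:(/\S+)")


def key_fingerprints(trace: str) -> Set[str]:
    """Collect the truncated key hashes printed in one trace."""
    return {m.group(2).upper() for m in KEYFP_RE.finditer(trace)}


def shared_key_fingerprints(trace_a: str, trace_b: str) -> Set[str]:
    """Fingerprints present in both traces: evidence that both processes
    handled the same key, without either trace revealing the key itself."""
    return key_fingerprints(trace_a) & key_fingerprints(trace_b)


class Redactor:
    """Replace principals, ccache paths and key fingerprints with stable
    pseudonyms.  Reuse one Redactor across several logs so the same real
    value always maps to the same alias; correlation is kept, values are not."""

    def __init__(self) -> None:
        self._maps: Dict[str, Dict[str, str]] = {"principal": {}, "path": {}, "key": {}}

    def _alias(self, kind: str, value: str) -> str:
        table = self._maps[kind]
        if value not in table:
            table[value] = f"<{kind}-{len(table) + 1}>"
        return table[value]

    def redact(self, trace: str) -> str:
        out = []
        for line in trace.splitlines():
            # Principals first, so "krbtgt/REALM@REALM" is not mistaken for a key token.
            line = PRINCIPAL_RE.sub(lambda m: self._alias("principal", m.group(0)), line)
            line = CCACHE_RE.sub(lambda m: "FILE:" + self._alias("path", m.group(1)), line)
            # Keep the enctype (useful for debugging), drop the hash.
            line = KEYFP_RE.sub(
                lambda m: m.group(1) + "/" + self._alias("key", m.group(2).upper()), line
            )
            out.append(line)
        return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("keys seen in both processes:", shared_key_fingerprints(TRACE_PROC_A, TRACE_PROC_B))
    redactor = Redactor()
    print(redactor.redact(TRACE_PROC_A) + redactor.redact(TRACE_PROC_B))
```

The shared-fingerprint check is what an attacker with two trace files could also do: confirm that the same key was in use in two places, which is a correlation, not a key recovery. The redactor keeps enctype names and message text intact because those, not the identifiers, are usually what the person reading the trace needs.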
