[884] in Release_7.7_team


Re: why we should document forwardable tickets

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Mar 6 15:19:13 1997

Date: Thu, 6 Mar 1997 15:19:05 -0500
From: Greg Hudson <ghudson@MIT.EDU>
To: Mike Barker <mbarker@MIT.EDU>
Cc: release-team@MIT.EDU
In-Reply-To: "[883] in Release_7.7_team"

> The issue is that with forwardable, proxiable tickets (the new K5
> flavor), the opportunity created by leaving your workstation logged
> in is greater.  E.g., suppose that you step away from your
> workstation "for just a couple of minutes."  A "ticket grabber"
> could sit down, run a handy-dandy ticket forwarder, and then leave.
> When you come back, there may be no evidence that your tickets have
> been compromised, and that from another workstation, the "ticket
> forger" is busily using your tickets (YOUR IDENTITY!)

Please note that, in the 8.0 release, by obtaining a copy of your good
old non-forwardable Kerberos 4 tickets, I can access your files (AFS
does not check IP source addresses), send authentic zephyrgrams (by
forging the IP source address of my packets), and, if I can forge TCP
connections, do anything else I want as you.  So the risks of leaving
a workstation unattended aren't really made worse in the 8.1 release.
