[477] in Kerberos_Protocol


Re: Ticket extensions in Kerberos revisions

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu May 4 00:19:18 2000

Message-Id: <200005040419.AAA05937@ginger.cmf.nrl.navy.mil>
To: cat-ietf@MIT.EDU, krb-protocol@MIT.EDU
In-Reply-To: Your message of "Wed, 03 May 2000 14:40:10 EDT."
             <20000503144009.W1094@sm2p1386swk.wdr.com> 
Date: Thu, 04 May 2000 00:19:04 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

>In Windows 2000 you don't have to do that. I think it's a security
>advantage not to have to run services with privileges, though it's not
>a perfect solution wrt untrusted software.

You're forgetting one thing - Kerberos was designed to authenticate
principals _across a network_, not through a third party on the same
machine.  If it's on the same machine, it's explicitly outside of the
Kerberos design criteria.

(It makes me wonder why the third-party app couldn't pass ticket +
authenticator to a system service, where _he_ could verify it and give
the appropriate privs to the third-party app).

--Ken
