[278] in linux-security and linux-alert archive
Re: Secure Distributed Password System?
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Jul 7 08:38:48 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: alex@bach.cis.temple.edu (alex)
Date: Fri, 7 Jul 1995 08:56:00 +0100 (BST)
Cc: robert@aurora.carleton.ca, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.950705131307.5817A-100000@bach.cis.temple.edu> from "alex" at Jul 5, 95 01:16:57 pm
> Assuming that clients are diskless and/or there are Xterminals or just
> terminals attached to the network, I think that Kerberos is not a
> solution because:
>
> a) Bootp protocol is not Kerberos aware i.e. it is a subject of
> spoofing
> b) During the login procedure packet sniffer will pick up a password

Diskless clients are ok - the snooper will see the NFS load of the program
not the password. Xterminals are.

Bootp doesn't matter. Someone can spoof bootp information, they can even get
a new machine on the net. They still have to know their Kerberos password to
go any further.

Alan