[1010] in Kerberos
RE: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Steve Lunt)
Fri Jun 15 10:29:06 1990
Date: Fri, 15 Jun 90 09:30:20 -0400
From: Steve Lunt <lunt@ctt.bellcore.com>
To: linus.mitre.org!bede@bellcore.bellcore.com
Cc: athena.mit.edu!kerberos@bellcore.bellcore.com
Although with a modified kpasswd you can screen passwords which are set from your system, you cannot prevent a user from contacting the Kerberos server independent of your kpasswd and changing his password to something trivial.
If the user has a copy of the old kpasswd, he can simply use that. Notice that kpasswd is not setuid.
-- Steve
----- Begin Included Message -----
Date: Thu, 14 Jun 90 23:43:18 -0400
From: bede@linus.mitre.org
Subject: RE: Why is initial user authentication done the way it is?
...
At the risk of carrying the discussion off on a tangent: the issue of
dictionary-based password attacks is, at many sites, moot. For
example, we've rigidly enforced a rule here for about two years
prohibiting dictionary and various other "trivial" passwords for user
logins. The muscle behind the policy is provided by a rather simple
password cracker I wrote, plus a modified version of passwd (and Real
Soon Now, kpasswd).
In a sense, support for extensions is already in Kerberos, just as it
is for passwd, assuming you have the source code. In our case, aside
from the locally-produced lookup code, the total modification to
(k)passwd amounts to less than 50 lines, but could be *much* less than
that, of course.
Regardless of the merits of the encryption/authentication scheme used,
it just makes sense to discourage trivial attacks right from the start,
if at all possible.
-Bede McCall
Research Computing Facility
MITRE Corp. Internet: bede@mitre.org
MS A114 UUCP: {decvax,philabs}!linus!bede
Burlington Rd.
Bedford, MA 01730 (617) 271-2839
----- End Included Message -----
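
Added example, not part of either message and not Kerberos code: a small Python model of the point in the reply above, where a screen that lives only in a modified kpasswd is skipped by an unmodified client, while the same screen applied by the server holds for every client. The word list, the screening rules, and the class and function names are all assumptions made for illustration.

```python
# Constructed word list standing in for a site dictionary (assumption).
DICTIONARY = {"password", "kerberos", "athena", "secret", "wizard"}


def is_trivial(password, principal):
    """Dictionary screen in the spirit of the modified (k)passwd (hypothetical rules)."""
    p = password.lower()
    # Also catch the word reversed and the word with trailing digits appended.
    candidates = {p, p[::-1], p.rstrip("0123456789")}
    return (len(password) < 6
            or p == principal.lower()
            or bool(candidates & DICTIONARY))


class PasswordServer:
    """Hypothetical stand-in for the password-changing service."""

    def __init__(self, enforce_policy):
        self.enforce_policy = enforce_policy
        self.accepted = []  # principals whose change request was accepted

    def change_password(self, principal, new_password):
        # Server-side screen: applies no matter which client sent the request.
        if self.enforce_policy and is_trivial(new_password, principal):
            return False
        self.accepted.append(principal)
        return True


def screened_client(server, principal, new_password):
    """Models the modified kpasswd: screens locally, then contacts the server."""
    if is_trivial(new_password, principal):
        return False
    return server.change_password(principal, new_password)


def stock_client(server, principal, new_password):
    """Models an old, unmodified kpasswd: sends the request unscreened."""
    return server.change_password(principal, new_password)


if __name__ == "__main__":
    for enforce in (False, True):
        srv = PasswordServer(enforce_policy=enforce)
        print("server enforces policy:", enforce)
        print("  screened client, 'wizard1':", screened_client(srv, "user", "wizard1"))
        print("  stock client,    'wizard1':", stock_client(srv, "user", "wizard1"))
```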