[1014] in Kerberos
RE: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (bede@linus.mitre.org)
Fri Jun 15 12:51:37 1990
Date: Fri, 15 Jun 90 12:09:47 -0400
From: bede@linus.mitre.org
To: lunt@ctt.bellcore.com
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Steve Lunt's message of Fri, 15 Jun 90 09:30:20 -0400 <9006151330.AA28394@dduck.ctt.bellcore.com>
Date: Fri, 15 Jun 90 09:30:20 -0400
From: Steve Lunt <lunt@ctt.bellcore.com>
Although with a modified kpasswd you can screen passwords
which are set from your system, you cannot prevent a user from
contacting the Kerberos server independent of your kpasswd and
changing his password to something trivial. If the user has
a copy of the old kpasswd, he can simply use that. Notice
that kpasswd is not setuid.
Valid point, but I'm playing the game of preventing the Bad Guys from
trivially breaking password protection, as opposed to preventing a user
from doing something stupid. So if a user cobs up a back yard version of
(k)passwd for the sake of having a trivial password, there's not much I
can do but keep running my password cracker and freezing the login in
the hope that s/he eventually gets the message. In point of fact, I
do this already.
But we're drifting into general system administration matters here,
and Ted Anderson and others have raised some interesting questions more
germane to kerberos proper.
-Bede
