[1018] in Kerberos
Re: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Wesley Craig)
Fri Jun 15 14:30:54 1990
Date: 15 Jun 90 17:01:37 GMT
From: apple!usc!samsung!umich!terminator!terminator.cc.umich.edu!wes@decwrl.dec.com (Wesley Craig)
To: kerberos@ATHENA.MIT.EDU
In article <9006150126.AA22710@E40-008-10.MIT.EDU> wesommer@ATHENA.MIT.EDU (Bill Sommerfeld) writes:
>Jon claims in his revised protocol that:
>
> there is no way to get an encrypted ticket to bang on without
> first proving to the server that you are who you claim to be.
>
>Sure there is. All I have to do is get a valid TGT, and then ask the
>KDC for a ticket to jik@ATHENA.MIT.EDU. The response will include a
>"ticket to jik", which will contain my name (and other things)
>encrypted in your key. I can then bang on the ticket all I want in
>the privacy of my own CPU.
This is interesting, but really not as bad as the problem Jon and I
talked about. The above *does* require a valid TGT, first. Biff, of
course, doesn't have a valid TGT. Unfortunately he doesn't need one,
either.
>Remember that in Kerberos there is no difference between users and
>servers.
If it weren't for the design flaws, getting a "ticket to jik" wouldn't
be a problem. I can't think of any added security you'd get by
splitting users and servers, under a working authentication protocol.
wes
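The two attack paths discussed in this exchange, modelled as an added example (this is not code from the original post, from MIT Kerberos, or from either author). It assumes a hypothetical `ToyKDC` with no user/service distinction and no pre-authentication, a toy HMAC-based stream cipher and SHA-256 password hashing standing in for the real v4 DES `string_to_key` and DES-CBC, a JSON ticket layout, and constructed principals and passwords. Bill's path (get a TGT, then ask for a "ticket to jik") and Wes's path (ask the KDC for jik's TGT directly, no credential needed) both end with a ciphertext under jik's password-derived key that the attacker can guess against offline:

```python
import hashlib
import hmac
import json
import os

# Toy stand-in for Kerberos string_to_key (assumption: NOT the real v4 DES
# string_to_key). The property that matters is that the key is a deterministic
# function of a guessable password.
def key_from_password(password: str) -> bytes:
    return hashlib.sha256(b"toy-string-to-key:" + password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

# Toy stream cipher (assumption: stand-in for Kerberos v4 DES-CBC).
def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _parse(pt: bytes):
    """A correct key yields a JSON object; a wrong key yields bytes that do not."""
    try:
        obj = json.loads(pt.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    return obj if isinstance(obj, dict) else None

class ToyKDC:
    """Hypothetical KDC: users and services share one key table, no pre-auth."""
    def __init__(self, passwords: dict):
        self.keys = {name: key_from_password(pw) for name, pw in passwords.items()}
        self.kdc_key = os.urandom(32)

    def as_exchange(self, client: str) -> bytes:
        # Anyone may ask for anyone's TGT; the reply is encrypted in the client's
        # password-derived key, so it can be attacked offline with no credential.
        session = os.urandom(16).hex()
        tgt = encrypt(self.kdc_key, json.dumps({"client": client, "key": session}).encode())
        reply = {"client": client, "session_key": session, "tgt": tgt.hex()}
        return encrypt(self.keys[client], json.dumps(reply).encode())

    def tgs_exchange(self, tgt_hex: str, service: str) -> bytes:
        # Requires a valid TGT, then returns a ticket encrypted in the *service's*
        # key. Since a "service" may be a user such as jik, that key is a password.
        tgt = _parse(decrypt(self.kdc_key, bytes.fromhex(tgt_hex)))
        if tgt is None:
            raise ValueError("invalid TGT")
        ticket = {"client": tgt["client"], "service": service, "session_key": os.urandom(16).hex()}
        return encrypt(self.keys[service], json.dumps(ticket).encode())

def guess_password(blob: bytes, field: str, expected: str, wordlist):
    """Offline dictionary attack: the attacker knows one plaintext field in advance."""
    for pw in wordlist:
        obj = _parse(decrypt(key_from_password(pw), blob))
        if obj is not None and obj.get(field) == expected:
            return pw
    return None

# Constructed sample data: made-up passwords and a tiny wordlist.
PASSWORDS = {"jik": "hunter2", "biff": "biffpass"}
WORDLIST = ["password", "letmein", "hunter2", "qwerty"]

def attack_without_tgt():
    """Wes's point: Biff needs no credential at all to get ciphertext under jik's key."""
    kdc = ToyKDC(PASSWORDS)
    return guess_password(kdc.as_exchange("jik"), "client", "jik", WORDLIST)

def attack_with_tgt():
    """Bill's point: with his own TGT, Biff asks for a ticket *to* jik and attacks that."""
    kdc = ToyKDC(PASSWORDS)
    biff_reply = _parse(decrypt(key_from_password("biffpass"), kdc.as_exchange("biff")))
    ticket_to_jik = kdc.tgs_exchange(biff_reply["tgt"], "jik")
    # The ticket's plaintext carries Biff's own name, which he knows, so a
    # correct guess is self-verifying.
    return guess_password(ticket_to_jik, "client", "biff", WORDLIST)

if __name__ == "__main__":
    print("AS path recovers:", attack_without_tgt())
    print("TGS path recovers:", attack_with_tgt())
```

Both functions return `"hunter2"`; the only difference is whether the attacker had to authenticate first. Splitting users from servers, as Wes notes, would not close either path on its own: the AS path needs pre-authentication (proof of the key before the KDC hands out anything encrypted in it), and the TGS path needs user keys that are not derived from a guessable password.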