[1334] in Kerberos
Re: setup of kerberos
daemon@ATHENA.MIT.EDU (Joseph Pallas)
Mon Apr 8 19:43:39 1991
Date: 8 Apr 91 19:54:11 GMT
From: pallas@eng.sun.com (Joseph Pallas)
To: kerberos@shelby.Stanford.EDU
In <9104062139.AA09007@tsx-11.MIT.EDU> tytso@ATHENA.MIT.EDU (Theodore
Ts'o) writes:
>The reason behind this is of security. Kerberos tickets are only
>good on one host, so that if someone steals your tickets, they can
>only use them to compromise you on the host they originally came
>from.
Unless, of course, the thief has the skills of a typical
undergraduate.
>Both using kinit and rkinit require that you type your password over
>again, but that's the price you pay for security.
Funny, I thought the whole point of Kerberos's Ticket-Granting Ticket
was so you don't have to type your password all the time. Where does
the price of security go in that case?
>In Kerberos Version 5, "forwardable" tickets can be created (although
>the KDC can be compiled to disallow them, depending on the site
>policies) which allow you to forward tickets from Host A to Host B
>without needing to type your password over again. Of course, this opens
>up a minor security hole, but some users demand convenience at any
>cost....
It's hard to see how this "opens up" a security hole. Either Kerberos
depends on host addresses or it doesn't. If it does, there's a
security hole. If it doesn't, forwarding tickets won't create one.
joe
