[1713] in Kerberos


Re: protocol question

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Jan 16 12:29:05 1992

Date: Thu, 16 Jan 92 11:35:21 -0500
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: marantz@cs.rutgers.edu
Cc: kerberos@Athena.MIT.EDU, marantz@cs.rutgers.edu
In-Reply-To: marantz@cs.rutgers.edu's message of Thu, 16 Jan 92 11:08:18 EST,
Reply-To: tytso@Athena.MIT.EDU

   Date: Thu, 16 Jan 92 11:08:18 EST
   From: marantz@cs.rutgers.edu

   As part of our migrating to kerberos (version 5) I'm hacking pwdauthd
   I was hoping to have pwdauthd talk to the TGS using the pwdauthd
   ticket and ask for a TGT for the user by supplying the user's
   password.  I think this could be used to replace the whole procedure
   mentioned above.

No, you really don't want to do this!!!!

If you do this, then an attacker can spoof the Ticket Granting Service and
replace the response from the TGS with something that *looks* like a
Ticket-Granting-Ticket encrypted in a password of the attacker's choice.
Now, the attacker types this password which he's chosen, and the pwdauthd
will decrypt it, and (surprise, surprise) it looks valid.  The pwdauthd
can only make sure that TGT is valid by using it to authenticate itself
using a rcmd service.

As I've said a million times before, Kerberos wasn't designed to do
password authentication.  It was designed to do network authentication.
If you use it as network authentication, the fact that you have a bogus
TGT will show up the moment you try to use it to authenticate yourself
over the network.  But if you use it to do password authentication ---
that is, you make an authorization decision based on the fact that the
user has obtained something that looks like a TGT, you will be opening
yourself wide open unless you are being very careful.

						- Ted
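The following is an added illustration of the point made in the reply above; it is example code written for this page, not code from the thread, from pwdauthd, or from any Kerberos implementation. It models the AS and TGS exchanges with a stand-in authenticated cipher (not Kerberos DES) and an in-process KDC, then compares two login-daemon checks: the naive one that accepts a reply merely because it decrypts under the typed password, and the careful one that uses the TGT to obtain a ticket for a service whose key the host itself holds and verifies that ticket under the local key. It goes slightly beyond the message by also covering the case where the forged KDC answers the TGS request as well. The principal names, the password "correct horse" and the service name rcmd/host.example are constructed for the example.

```python
"""Toy model of the Kerberos AS/TGS exchange showing why a login daemon
cannot trust a TGT just because it decrypts under the typed password.
Constructed example: the cipher is a teaching stand-in, not Kerberos DES."""
import hashlib
import hmac
import json
import os


def derive_key(secret: str) -> bytes:
    """Stand-in for string2key: password text -> key bytes."""
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, obj: dict) -> bytes:
    """nonce || ciphertext || HMAC tag; decrypt() fails cleanly under a wrong key."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes):
    """Returns the decoded dict, or None if the tag does not verify under key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Honest AS + TGS. Each principal's key is known here and to that principal only."""

    def __init__(self):
        self.krbtgt_key = os.urandom(32)
        self.principals = {}  # constructed principal name -> key

    def as_exchange(self, user: str) -> bytes:
        # AS reply: session key under the user's key, TGT under the krbtgt key
        sk = os.urandom(32).hex()
        tgt = encrypt(self.krbtgt_key, {"client": user, "session_key": sk})
        return encrypt(self.principals[user], {"session_key": sk, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt_hex: str, service: str):
        # TGS reply: service ticket under the service key, wrapped in the TGT session key
        tgt = decrypt(self.krbtgt_key, bytes.fromhex(tgt_hex))
        if tgt is None or service not in self.principals:
            return None
        svc_sk = os.urandom(32).hex()
        ticket = encrypt(self.principals[service], {"client": tgt["client"], "session_key": svc_sk})
        return encrypt(bytes.fromhex(tgt["session_key"]), {"session_key": svc_sk, "ticket": ticket.hex()})


def spoofed_as_reply(chosen_password: str):
    """The forged answer the message describes: encrypted in a key of the forger's
    choosing, wrapping a 'TGT' that is just random bytes. Returns (blob, session_key)."""
    sk = os.urandom(32).hex()
    return encrypt(derive_key(chosen_password), {"session_key": sk, "tgt": os.urandom(48).hex()}), sk


def naive_pwauth(as_reply: bytes, typed_password: str) -> bool:
    """Accepts whenever the reply decrypts under the typed password: this is the hole."""
    return decrypt(derive_key(typed_password), as_reply) is not None


def careful_pwauth(as_reply, typed_password, user, tgs, host_service, host_key) -> bool:
    """Uses the TGT to get a ticket for a service whose key this host holds, then
    checks that ticket under the local key. A forged KDC lacks that key."""
    creds = decrypt(derive_key(typed_password), as_reply)
    if creds is None:
        return False
    reply = tgs(creds["tgt"], host_service)
    if reply is None:
        return False
    body = decrypt(bytes.fromhex(creds["session_key"]), reply)
    if body is None:
        return False
    ticket = decrypt(host_key, bytes.fromhex(body["ticket"]))
    return ticket is not None and ticket["client"] == user and ticket["session_key"] == body["session_key"]


def demo() -> dict:
    """Runs both checks against a genuine reply and a forged one (constructed data)."""
    kdc, host_key, host = KDC(), os.urandom(32), "rcmd/host.example"
    kdc.principals["alice"] = derive_key("correct horse")
    kdc.principals[host] = host_key
    genuine = kdc.as_exchange("alice")
    forged, forged_sk = spoofed_as_reply("attacker-chosen")

    def forged_tgs(tgt_hex, service):  # forger also answers the TGS request, without the host key
        sk = os.urandom(32).hex()
        ticket = encrypt(os.urandom(32), {"client": "alice", "session_key": sk})
        return encrypt(bytes.fromhex(forged_sk), {"session_key": sk, "ticket": ticket.hex()})

    return {
        "naive_genuine": naive_pwauth(genuine, "correct horse"),
        "naive_wrong_password": naive_pwauth(genuine, "guess"),
        "naive_forged": naive_pwauth(forged, "attacker-chosen"),
        "careful_genuine": careful_pwauth(genuine, "correct horse", "alice", kdc.tgs_exchange, host, host_key),
        "careful_forged_honest_tgs": careful_pwauth(forged, "attacker-chosen", "alice", kdc.tgs_exchange, host, host_key),
        "careful_forged_tgs": careful_pwauth(forged, "attacker-chosen", "alice", forged_tgs, host, host_key),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'accepted' if ok else 'rejected'}")
```

The naive check passes the forged reply because decryptability under a key the forger chose proves nothing. The careful check fails it twice over: the real TGS cannot decrypt the random "TGT", and a forged TGS reply cannot produce a ticket under the host's own key. Only a service key held locally (the rcmd key in the message) gives the daemon something to verify against.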
