[1892] in Kerberos
kerberos with no encryption
daemon@ATHENA.MIT.EDU (Todd Matthews)
Wed May 6 20:17:24 1992
Date: Wed, 6 May 92 16:35:00 PDT
From: todd@mls1.hac.com (Todd Matthews)
To: kerberos@Athena.MIT.EDU
I compiled kerberos originally with NOENCRYPTION since the DES library
was not present and also to make it easier to debug.
When I finally got kerberos up and running I started to test it. I was
able to use KINIT with the wrong password and still get a ticket. Then it
let me log on to the remote server (all without using the proper kerberos
password!!). We think this is because the password is not actually
checked, it is used to encrypt the ticket. Since there is no
encryption the ticket will always be valid, regardless of the password.
You have probably found this out yourself, but it seems that with no
encryption kerberos is wide open, and probably can not be used.
Todd Matthews
Phone: (714) 732-7240
EMail: todd@mls1.hac.com
PS: Is there any better installation documentation around anywhere?
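
The behaviour described in the message above, as an added example that is not part of the original post or of the Kerberos sources: a toy model of the initial ticket exchange in which the password is never compared, only used as a key to open the KDC reply. The hash-based key derivation, the XOR stream cipher, the payload and all function names are assumptions standing in for the real DES routines.

```python
import hashlib

def string_to_key(password: str) -> bytes:
    """Stand-in key derivation (assumption; Kerberos 4 uses a DES-based function)."""
    return hashlib.sha256(password.encode()).digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher standing in for DES; the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def kdc_reply(stored_key: bytes, service: str, noencryption: bool) -> bytes:
    """KDC side: it never sees the password, it only seals the reply under the user's key."""
    body = service.encode() + b"\x00" + b"SESSION-KEY+TICKET"  # constructed payload
    return body if noencryption else toy_cipher(stored_key, body)

def kinit(password: str, reply: bytes, service: str, noencryption: bool) -> bool:
    """Client side: the password is 'checked' only by whether the reply opens sanely."""
    key = string_to_key(password)
    body = reply if noencryption else toy_cipher(key, reply)
    return body.startswith(service.encode() + b"\x00")

def demo() -> dict:
    """Run both builds against a correct and a wrong password."""
    stored = string_to_key("correct-password")  # key held in the KDC database
    results = {}
    for noenc in (False, True):
        reply = kdc_reply(stored, "krbtgt", noenc)
        for pw in ("correct-password", "wrong-password"):
            results[(noenc, pw)] = kinit(pw, reply, "krbtgt", noenc)
    return results

if __name__ == "__main__":
    for (noenc, pw), ok in demo().items():
        print(f"NOENCRYPTION={noenc!s:5} password={pw:16} ticket accepted={ok}")
```

With encryption the wrong password yields garbage and the reply is rejected; with the no-op cipher every password opens the reply, which matches the behaviour reported in the message.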