[2854] in Kerberos
ksrvtgt: more problems than it's worth?
daemon@ATHENA.MIT.EDU (Mike Busby)
Tue Oct 12 18:53:39 1993
From: mcb@mach.eng.hou.compaq.com (Mike Busby)
To: kerberos@MIT.EDU
Date: Tue, 12 Oct 93 17:31:45 CDT
We have noticed that, in order to use the ksrvtgt command in version 4,
you either have to make /etc/srvtab world readable or become root. Also,
the ticket that you get, typically rcmd.local_machine, is only good
remotely if you put a entry like: rcmd.local_machine@DOMAIN on the
remote machine you want to access in the remote user home directory.
What this does is allow any user who runs ksrvtgt to become yourself on
the remote machine which is easily done within the 5 minute ticket
lifetime that ksrvtgt grants.
So, the question is, what is ksrvtgt good for other than providing a
gaping security hole? I am left with:
1. Changing the persmissions of /etc/srvtab to be world readable so that
non-root users can have access using ksrvtgt.
2. Making ksrvtgt suid and changing the permissions on /etc/srvtab
on the fly so that a TGT can be granted. But then, the ticket
file is owned by root, not the user. Of course, this could be
changed on the fly as well.
3. Having to grant access in ./klogin on the remote system in order
to use the command, thus opening up access to my accounts, etc.
It seems like using this is a catch 22.
Anyone have any suggestions?
--
------------------------------------------------------------------
Michael C. Busby | Unix System Support
System Engineer, Sr. | Design Environment/Automation
Compaq Computer Corporation | Internet: mcb@compaq.com
P.O. Box 692000 m/s 050701 | Uunet: uunet!cpqhou!michaelb
Houston, Texas, USA 77269-2000 | Phone: 713-374-5638
------------------------------------------------------------------
"Armadillos.... Texas speed bumps." Views/opinions are mine alone.
