[3664] in Kerberos
S/KEY integrated with Kerberos?
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Mon Aug 8 12:40:32 1994
Date: Mon, 8 Aug 1994 09:29:34 -0700
From: Clifford Neuman <bcn@ISI.EDU>
To: bf4grjc@bell-atl.com
Cc: kerberos@MIT.EDU
In-Reply-To: Ganesan's message of Mon, 8 Aug 1994 12:16:31 -0500 (EDT) <9408081616.AA21394@einstein.bell-atl.com>
From: bf4grjc@ISI.EDU (Ganesan)
Date: Mon, 8 Aug 1994 12:16:31 -0500 (EDT)
As far as I can see, you only need public-key when you do
NOT want to store X0 on the KDC.
That is correct, but as you said yoirself, if you store X0 on the KDC,
it is not really S/Key. My message was working form the assumption
that you really did want to use S/Key, and not store X0 on the KDC.
If you are willing to store X0, things are much easier.
But I do nto see what this has to do with having the kerberos secret
key [stolen] by a spoofed kinit. Under this assumption, you are anyway
totally compromised so nothing else matters anyway!
The advantage of integration of S/Key (or any other one time passcode
mechanisms including your stored X0 example) and Kerberos is that the
passphrase changes, so that a spoofed kinit does not provide an
attacker with information that may be used to perform subsequent
initial authentication as the user. When integrated with S/Key, the
stolen passphrase is equivalent to stealing credentials good for the
life of the tickets (and in fact that is precisely what such a
compromise allows). Without it, the attacker is free to impersonate
the user until the user changes his or her password.
~ Cliff
