[372] in Kerberos
More on Kerberos questions
daemon@TELECOM.MIT.EDU (Steven Miller)
Tue Apr 26 11:40:34 1988
From: spm%lyre.DEC@DECWRL.DEC.COM (Steven Miller)
To: jordan@ucbarpa.berkeley.edu, kazar+@andrew.cmu.edu
The net (Internet) address in the ticket is used, as Bill stated,
to inhibit replay attempts. The receiver checks
the address sealed in the Kerberos ticket against the address received from.
Using a host name is both much more expensive (to encrypt more data) and
not as strong a deterrent, since it is easier to forge.
Multiply-homed hosts are currently a problem if different addresses are
used when requesting tickets than when requesting authorizations.
This was an oversight in the design.
On the second question, the server's complete name must be included in the
ticket. Note that there are no rules prohibiting running multiple Kerberos
mediated servers with
the same crypto keys, or running multiple Kerberos-mediated servers in a
single process. So the server name is required to assure that the correct
service is represented, regardless of these "packaging" issues. The service
name will-- but is not necessary to -- ensure that the ticket was unmodified
and properly decrypted. Errors in other fields could detect such errors.
Steve
