[37629] in Kerberos
Kerberos and HTTP / HTTPS - Could Kerberos tickets be intercepted
daemon@ATHENA.MIT.EDU (Eichhorn, Thomas)
Tue Aug 23 02:24:21 2016
From: "Eichhorn, Thomas" <Thomas.Eichhorn@klinikum-nuernberg.de>
To: "'kerberos@mit.edu'" <kerberos@mit.edu>
Date: Tue, 23 Aug 2016 06:24:02 +0000
Message-ID: <CB77FE5A1D7BA34FBC22A5829EB549113B46D29F@KNEXCH3.klinikum-nuernberg.de>
Hi,
We use Kerberos for SSO in our local intranet. We followed this tutorial: http://www.grolmsnet.de/kerbtut/
Everything works just fine.
I have a question about security:
Our intranet sites are delivered with HTTP. Can someone intercept the Kerberos ticket and use it for himself?
Thanks in advance
Thomas
________________________________
Klinikum Nürnberg, registered office: Nürnberg, Amtsgericht Nürnberg (register court) HRA 14190, Executive Board: Dr. Alfred Estelmann