Re: Is a keytab file encrypted?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jul 21 17:50:45 2017
From: Russ Allbery <eagle@eyrie.org>
To: Charles Hedrick <hedrick@rutgers.edu>
In-Reply-To: <1B971B57-A17C-4F73-87D3-32E250DE4876@rutgers.edu> (Charles Hedrick's message of "Fri, 21 Jul 2017 20:30:18 +0000")
Date: Fri, 21 Jul 2017 14:50:29 -0700
Message-ID: <87eft9jw7u.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Charles Hedrick <hedrick@rutgers.edu> writes:
> * A kerberized service where the user registers that they want to be
> able to do cron jobs on a given machine.
> * A kerberized pam module that calls the same service and gets back
> credentials, locked to the IP address, and at least by default not
> forwardable.
How does this address the problem raised on this thread? It's still the
case that if you become root on the host, you can just steal the keytab
used by that daemon and use it anywhere. This gives you enhanced
protection if you trust the boundary between non-root users and root, but
not if you don't trust the machine.
The point of the TPM is that you can't exfiltrate the keys, even if you
have root, only perform on-line operations.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
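To make the point above concrete (a keytab is just a file holding the raw key, so whoever can read it holds the key), here is an added Python example that is not from this thread or from MIT krb5: it serialises a constructed 0x0502 keytab entry, parses it back with no decryption step anywhere, and includes the ownership/permission check a defender would run against a service keytab. The realm, principal and key bytes are made-up test values.

```python
# Added example, not from the thread: parse an MIT krb5 v2 keytab; all names and keys are made up.
import struct

ENCTYPE_NAMES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}

def build_keytab(realm, components, enctype, key, kvno, timestamp=1500000000):
    """Serialise one entry in the MIT 0x0502 keytab layout (constructed test data)."""
    body = struct.pack(">H", len(components))
    body += struct.pack(">H", len(realm)) + realm.encode()
    for c in components:
        body += struct.pack(">H", len(c)) + c.encode()
    body += struct.pack(">IIB", 1, timestamp, kvno & 0xFF)  # name_type, timestamp, vno8
    body += struct.pack(">HH", enctype, len(key)) + key      # keyblock: enctype, len, key
    body += struct.pack(">I", kvno)                          # optional 32-bit kvno
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

def parse_keytab(blob):
    """Return one dict per live entry. Note there is no decryption step anywhere."""
    if blob[:2] != b"\x05\x02":
        raise ValueError("only keytab format 0x0502 is handled")
    pos, entries = 2, []
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        end = pos + abs(size)
        if size > 0:                         # negative size marks a deleted slot
            ncomp, rlen = struct.unpack_from(">HH", blob, pos); pos += 4
            realm = blob[pos:pos + rlen].decode(); pos += rlen
            comps = []
            for _ in range(ncomp):
                (clen,) = struct.unpack_from(">H", blob, pos); pos += 2
                comps.append(blob[pos:pos + clen].decode()); pos += clen
            _name_type, _ts, vno8 = struct.unpack_from(">IIB", blob, pos); pos += 9
            enctype, klen = struct.unpack_from(">HH", blob, pos); pos += 4
            key = blob[pos:pos + klen]; pos += klen
            kvno = struct.unpack_from(">I", blob, pos)[0] if end - pos >= 4 else vno8
            entries.append({"principal": "/".join(comps) + "@" + realm, "kvno": kvno,
                            "enctype": ENCTYPE_NAMES.get(enctype, str(enctype)),
                            "key": key})
        pos = end
    return entries

def keytab_is_private(mode, owner_uid, service_uid):
    """Defender check: owned by the service user and no group/other permission bits."""
    return owner_uid == service_uid and (mode & 0o077) == 0

if __name__ == "__main__":
    blob = build_keytab("EXAMPLE.TEST", ["host", "cron.example.test"], 17, bytes(range(16)), 3)
    for e in parse_keytab(blob):
        print(e["principal"], "kvno", e["kvno"], e["enctype"], "key in file:", e["key"] in blob)
```

The check only covers the non-root boundary Russ describes; root can still read the file regardless of mode, which is exactly why the thread turns to TPM-held keys.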