[3909] in Kerberos
Re: hierarchical realms
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Fri Sep 23 13:50:50 1994
To: kerberos@MIT.EDU
Date: Fri, 23 Sep 1994 11:13:18 -0400
From: John Gardiner Myers <jgm+@CMU.EDU>
eichin@MIT.EDU (Mark W. Eichin) writes:
> It isn't any more prone to spoofing
> than the address of the machine itself would be...
The security consequences of such spoofing are higher though.
If an attacker spoofs the address of the machine itself, he still
can't defeat mutual authentication.
If, however, the attacker can spoof the Kerberos identity the client
authenticates to, he can pick an instance and/or realm for which he
has a private key. This then makes mutual authentication practically
useless.
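
The distinction drawn in this message, as an added example that is not part of the original post or of any Kerberos implementation: a toy model in which a ticket is a session key sealed under the service's long-term key and mutual authentication is a keyed reply to a client challenge. The principal names, the `ToyKDC` and `Endpoint` classes, and the single KDC standing in for both realms are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _pad(key: bytes, salt: bytes) -> bytes:
    return hmac.new(key, salt, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyKDC:
    """Constructed stand-in for a KDC: maps principal -> long-term key."""
    def __init__(self):
        self.keys = {}

    def register(self, principal: str) -> bytes:
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]

    def issue(self, principal: str):
        """Return (session_key, ticket); only the principal's key opens the ticket."""
        session_key, salt = os.urandom(32), os.urandom(16)
        return session_key, (salt, _xor(session_key, _pad(self.keys[principal], salt)))

class Endpoint:
    """Whatever answers on the wire, holding one long-term key."""
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, ticket, challenge: bytes) -> bytes:
        salt, sealed = ticket
        session_key = _xor(sealed, _pad(self.key, salt))
        return hmac.new(session_key, challenge, hashlib.sha256).digest()

def mutual_auth(kdc: ToyKDC, principal: str, endpoint: Endpoint) -> bool:
    """Client side: True if the endpoint proves it holds the key for `principal`."""
    session_key, ticket = kdc.issue(principal)
    challenge = os.urandom(16)
    expected = hmac.new(session_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, endpoint.respond(ticket, challenge))

kdc = ToyKDC()
REAL = "host/files.example.org@EXAMPLE.ORG"      # constructed names
ROGUE = "host/files.example.org@ROGUE.EXAMPLE"   # realm the attacker controls
real_server = Endpoint(kdc.register(REAL))
attacker = Endpoint(kdc.register(ROGUE))

# Case 1: only the network address is spoofed; the client still asks for REAL.
address_spoofed = mutual_auth(kdc, REAL, attacker)    # False
# Case 2: the name the client authenticates to is spoofed as well.
identity_spoofed = mutual_auth(kdc, ROGUE, attacker)  # True
legitimate = mutual_auth(kdc, REAL, real_server)      # True
```

In case 2 the check passes exactly as it does for the legitimate server, so the client has no cryptographic signal that the principal name was substituted.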