[4180] in Kerberos


Re: Kerberos w/ one-time passwords?

daemon@ATHENA.MIT.EDU (John Scudder)
Mon Nov 14 15:15:50 1994

To: kerberos@MIT.EDU
Date: 14 Nov 1994 20:04:42 GMT
From: jgs@yurt.merit.edu (John Scudder)

In article <3a8e1u$abj@lastactionhero.rs.itd.umich.edu>,
 <Jim.Rees@umich.edu> wrote:
>In article <3a82pg$8qa@lastactionhero.rs.itd.umich.edu>, jgs@yurt.merit.edu (John Scudder) writes:
>
>  I did some thinking about how one would integrate s/key into any
>  Kerberos-like protocol and hit a wall:  The assumption (with s/key) is
>  that authentication strings ("passwords," s/key responses) that the host
>  sees are _not_ secret.
>
>Assuming you're willing to change the protocol, you would change the
>assumption.  Instead of sending the S/key password in the clear, you would
>use it the same way Kerberos uses the secret key.  Instead of sending it in
>the clear, you would use it to encrypt and decrypt the Kerberos challenge.

I can see that I didn't make the problem I'm trying to solve clear
enough:  I need a way to authenticate securely to Kerberos from, e.g.,
a home dial-in over a (presumed to be) insecure medium.

Since the machine I'm sitting at is not running Kerberos itself
(imagine it's a vt100 connected to a modem dialed in to a terminal
server telnetted to my workstation) the workstation (call it "the
host") has to be where kinit is run.  The telnet connection is
over an insecure medium.

As you can see, standard kinit is insecure in this environment:  My
cleartext password will be sent in the clear from my terminal to the
host.

The exact same problem exists with the s/key password if you use it as
a drop-in replacement for the cleartext password:  It travels in the
clear to the host, so it can be tapped.  Only the conversation between
the host and the authentication server is armored.

See also my other rants on this subject.

--John Scudder
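The exchange John describes, modelled as an added example that is not code from either post: a dumb terminal types a secret into a host over an insecure dial-in/telnet path, and only the host's conversation with the authentication server is armored. The hash-chain S/Key verifier, the HMAC-based "armor" standing in for Kerberos' encryption, the trace layout and the constructed password, seed and chain length are all assumptions made here; the model also goes one step past the thread by showing the S/Key chain advancing so that a spent response is refused.

```python
"""Toy model of the login path in the thread: vt100 -> (insecure link) -> host
running kinit -> (armored link) -> authentication server.  Added illustration,
not code from the original posts.  The S/Key hash chain, the HMAC keystream
'armor' and the trace format are constructed here for a self-contained demo."""
import hashlib
import hmac
import secrets


def H(x: bytes) -> bytes:
    """Hash step of the S/Key chain (SHA-256 used here; S/Key used MD4/MD5)."""
    return hashlib.sha256(x).digest()


def skey_initial(seed: bytes, n: int) -> bytes:
    """Value the server stores at enrolment: H^n(seed)."""
    v = seed
    for _ in range(n):
        v = H(v)
    return v


def skey_response(seed: bytes, n: int, login_no: int) -> bytes:
    """One-time response for the login_no-th login: H^(n - login_no)(seed)."""
    v = seed
    for _ in range(n - login_no):
        v = H(v)
    return v


def armor(link_key: bytes, data: bytes) -> bytes:
    """Stand-in for the encrypted host<->server exchange: fresh nonce, HMAC
    keystream, XOR.  Toy construction; data must fit in one SHA-256 block."""
    assert len(data) <= 32, "constructed demo handles <= 32-byte secrets"
    nonce = secrets.token_bytes(16)
    stream = hmac.new(link_key, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def unarmor(link_key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    stream = hmac.new(link_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class AuthServer:
    """Holds a reusable password ('password') or the S/Key chain head ('skey')."""

    def __init__(self, mode: str, stored: bytes, link_key: bytes):
        self.mode, self.stored, self.link_key = mode, stored, link_key

    def verify(self, proof: bytes) -> bool:
        secret = unarmor(self.link_key, proof)       # strip host<->server armor
        if self.mode == "password":
            return hmac.compare_digest(secret, self.stored)
        if H(secret) == self.stored:                 # S/Key: H(otp) == stored?
            self.stored = secret                     # advance chain; otp spent
            return True
        return False


def login(secret: bytes, server: AuthServer) -> dict:
    """One login attempt; records what each hop carried and the verdict."""
    trace = {"terminal->host": [], "host->server": []}
    # Hop 1: the user types the secret at the terminal, which runs no Kerberos
    # code, so the dial-in / telnet path carries it in the clear.
    trace["terminal->host"].append(secret)
    # Hop 2: the host runs kinit and talks to the server over the armored link.
    proof = armor(server.link_key, secret)
    trace["host->server"].append(proof)
    return {"ok": server.verify(proof), "trace": trace}


def secret_visible_on(trace: dict, hop: str, secret: bytes) -> bool:
    """True if a tap on the named hop sees the secret itself."""
    return any(m == secret for m in trace[hop])


def demo() -> dict:
    link_key = secrets.token_bytes(32)            # host<->server key (constructed)
    # Design 1: standard kinit with a reusable cleartext password.
    pw = b"constructed-password"
    srv_pw = AuthServer("password", pw, link_key)
    r_pw = login(pw, srv_pw)
    # Design 2: S/Key response used as a drop-in replacement for the password.
    seed, n = b"constructed-seed", 100
    srv_sk = AuthServer("skey", skey_initial(seed, n), link_key)
    otp1 = skey_response(seed, n, 1)
    r_sk = login(otp1, srv_sk)
    r_sk_replay = login(otp1, srv_sk)             # spent response typed again
    r_sk_next = login(skey_response(seed, n, 2), srv_sk)
    return {
        "password_ok": r_pw["ok"],
        "password_tapped_on_terminal_hop": secret_visible_on(r_pw["trace"], "terminal->host", pw),
        "password_tapped_on_server_hop": secret_visible_on(r_pw["trace"], "host->server", pw),
        "skey_ok": r_sk["ok"],
        "skey_tapped_on_terminal_hop": secret_visible_on(r_sk["trace"], "terminal->host", otp1),
        "skey_tapped_on_server_hop": secret_visible_on(r_sk["trace"], "host->server", otp1),
        "skey_replay_ok": r_sk_replay["ok"],
        "skey_next_ok": r_sk_next["ok"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running `demo()` shows the point of the thread in the trace: in both designs the typed secret is visible to a tap on the terminal-to-host hop, and in neither design is it visible on the armored host-to-server hop. Swapping the password for an S/Key response changes what the tap is worth (the chain advances, so the captured response is refused on replay) but not where it is exposed.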
