[4335] in Kerberos
Re: request for commentary on krb IV server mod
daemon@ATHENA.MIT.EDU (Ted Lemon)
Tue Dec 13 14:42:36 1994
To: john@iastate.edu (John Hascall)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "13 Dec 1994 15:36:27 GMT."
<3ckf1r$51p@news.iastate.edu>
Date: Tue, 13 Dec 1994 09:37:31 -0800
From: Ted Lemon <mellon@ipd.wellsfargo.com>

> However, if you've disabled the address checking, and just sent
> a TGT across the wire, haven't you just given the snooper something
> just about as good as a cleartext password?

Nope. The ticket you're forwarding is one you've acquired using your
forwardable TGT which is only good on the machine to which it's being
forwarded. Also, I believe it's encrypted in the telnet/rsh/rlogin
session key, although I admit I haven't looked into that.

_MelloN_
--
Ted Lemon Wells Fargo Bank, Information Protection Division
mellon@ipd.wellsfargo.com +1 415 477 5045