[4368] in Kerberos
Re: Help After Install
daemon@ATHENA.MIT.EDU (Gordon Matzigkeit)
Sat Dec 17 18:38:51 1994
Date: Sat, 17 Dec 94 16:26:41 MST
From: gord@enci.ucalgary.ca (Gordon Matzigkeit)
To: Tony.Lill@ajlc.waterloo.on.ca
Cc: kerberos@MIT.EDU
In-Reply-To: <199412172148.VAA02350@matrix.ajlc.waterloo.on.ca> (ajlill@ajlc.waterloo.on.ca)
Thanks, first of all, for your reply.
>>>>> "Tony" == Anthony J Lill <ajlill@ajlc.waterloo.on.ca> writes:
>>>>> "Gordon" == Gordon Matzigkeit <gord@enci.ucalgary.ca> writes:
Gordon> What advantages can Kerberos offer me... is proof of identity
Gordon> and data integrity across hostile networks the only benefit?
Tony> That's all.
Gordon> How big and hostile does my network have to be, how tolerant
Gordon> do my users have to be, and how paranoid do I have to be to
Gordon> want Kerberos? (Is there a simple order-of-magnitude answer
Gordon> for this question?)
Tony> Compare the effort of replacing all your network programs with
Tony> the kerberized ones with the effort of recovering from a
Tony> security breach. As far as the users are concerned, they are
Tony> still using telnet, ftp, ... and shouldn't be aware of the fact
Tony> that they are calling Kerberos APIs (unless you want to
Tony> complicate your life and use multiple realms).
Hmm... that's sounding better than it first seemed to me.
(Please forgive my limited knowledge of Kerberos.)
I think my plan of action is to wrap my main servers so that they will
only allow ktelnetd and kftpd. Then, users can only access these
machines via a kerberized client.
Duh... I don't know why I didn't get it before.
I only need to kerberize services that I want to serve on secure
machines.
So I could create a network:
                      Outside
  ----------------------+--------------
                        |
                     Gateway
                    |       |
         Kerberized--+      +--Unkerberized (outside)
      physically secure     not physically secure
And have the gateway block all non-kerberos communication to the
kerberized network.
Then, from what I understand, I'd only have to implement Kerberos in
servers that serve outside machines (like telnetd, ftpd).
Am I wrong, or could I completely trust connections between machines
internal to the Kerberized network?
Would it be a flaw to put something in hosts.equiv like:
+
as long as I own and maintain all the machines in the Kerberized network,
and am sure that my firewall gateway blocks any non-kerberos port
traffic?
This would be really nice.
Tony> --
Tony> Tony Lill, Tony.Lill@AJLC.Waterloo.ON.CA
Tony> President, A. J. Lill Consultants      (519) 241 2461
Tony> 539 Grand Valley Dr., Cambridge, Ont.  fax/data (519) 650 3571
If you're a security consultant, or you know one, maybe I can get the
department to splurge and do a consultation.
Tony> "Welcome to All Things UNIX, where if it's not UNIX, it's
Tony> CRAP!"
--Gord
--
Gordon Matzigkeit     | J: Nap besusson. Tundokoljon a te varad!
gord@enci.ucalgary.ca | B: Nem tundokol az en varam.
                      | (J: Let the sun shine in. May your castle gleam!
                      |  B: My castle does not gleam.)
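The hosts.equiv question in the message above is the security-relevant one, so here is an added example that models how a hosts.equiv file is evaluated. It is not code from the original message and not the BSD rlogind/ruserok source; it implements the commonly documented entry forms (a bare hostname, a hostname followed by a remote user name, the `+` wildcard, `-host` negative entries, and `+@netgroup`/`-@netgroup`) with the first decisive entry winning, and it takes netgroups from a dict instead of NIS. The sample file, host names and netgroup are constructed for the example. What it makes concrete: once a bare `+` host entry is present, the trust decision no longer depends on which host connects, so the gateway's port filter is the only control left between an outside machine and a password-less rlogin as a same-named user.

```python
"""Simplified model of BSD hosts.equiv trust evaluation (added example).

Assumptions, not taken from the original message: entry forms follow the
commonly documented hosts.equiv syntax; netgroups come from a dict
instead of NIS; the first decisive entry wins, as in ruserok(3).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample file: hosts on the "Kerberized" side plus the
# bare "+" line the message asks about.
SAMPLE_HOSTS_EQUIV = """\
# hosts.equiv on a server inside the Kerberized network (constructed)
kerb1.example.org
kerb2.example.org          operator     # remote user 'operator' trusted as any local user
-rogue.example.org                      # explicitly denied host
+@kerbnet                               # hosts in the 'kerbnet' netgroup
+                                       # the proposed line: every host
"""

# Constructed netgroup table standing in for NIS.
SAMPLE_NETGROUPS: Dict[str, Set[str]] = {"kerbnet": {"kerb3.example.org"}}


@dataclass(frozen=True)
class Entry:
    host: str             # hostname, "+", "-host", "+@ng" or "-@ng"
    user: Optional[str]   # optional remote user field, same forms


def parse_hosts_equiv(text: str) -> List[Entry]:
    """Parse hosts.equiv text; '#' starts a comment, blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append(Entry(fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def _match(pattern: str, name: str, netgroups: Dict[str, Set[str]]) -> Optional[str]:
    """Return 'allow', 'deny' or None (entry does not apply to this name)."""
    if pattern == "+":
        return "allow"
    if pattern.startswith("+@"):
        return "allow" if name in netgroups.get(pattern[2:], set()) else None
    if pattern.startswith("-@"):
        return "deny" if name in netgroups.get(pattern[2:], set()) else None
    if pattern.startswith("-"):
        return "deny" if pattern[1:].lower() == name.lower() else None
    return "allow" if pattern.lower() == name.lower() else None


def is_trusted(entries, client_host, remote_user, local_user, netgroups=None) -> bool:
    """Decide whether client_host/remote_user may log in as local_user
    without a password, scanning entries in order like ruserok(3)."""
    netgroups = netgroups or {}
    if local_user == "root":
        # BSD rlogind does not consult hosts.equiv for root; only ~root/.rhosts
        return False
    for e in entries:
        host_verdict = _match(e.host, client_host, netgroups)
        if host_verdict is None:
            continue
        if host_verdict == "deny":
            return False
        if e.user is None:
            # bare host entry: trusted only when remote and local names agree
            if remote_user == local_user:
                return True
            continue
        user_verdict = _match(e.user, remote_user, netgroups)
        if user_verdict is None:
            continue
        # host+user entry: that remote user is trusted for any local account
        return user_verdict == "allow"
    return False


def wildcard_entries(entries) -> List[Entry]:
    """Audit helper: entries whose host field trusts every host."""
    return [e for e in entries if e.host == "+"]


def without_wildcard(entries) -> List[Entry]:
    """The same file with the '+' host entries removed, for comparison."""
    return [e for e in entries if e.host != "+"]


if __name__ == "__main__":
    entries = parse_hosts_equiv(SAMPLE_HOSTS_EQUIV)
    for host in ("kerb1.example.org", "rogue.example.org", "outside.attacker.net"):
        print(host, "alice->alice:",
              is_trusted(entries, host, "alice", "alice", SAMPLE_NETGROUPS),
              "| without '+':",
              is_trusted(without_wildcard(entries), host, "alice", "alice", SAMPLE_NETGROUPS))
```

Running the script shows `outside.attacker.net` trusted with the `+` line present and refused without it, while the explicit `-rogue.example.org` entry is refused either way because it precedes the wildcard; the `wildcard_entries` helper is the check to run over every hosts.equiv and .rhosts on the hosts behind the gateway.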