[4370] in Kerberos
Re: Help After Install
daemon@ATHENA.MIT.EDU (Anthony J. Lill)
Sun Dec 18 17:56:18 1994
To: gord@enci.ucalgary.ca (Gordon Matzigkeit)
Cc: Tony.Lill@matrix.ajlc.waterloo.on.ca, kerberos@MIT.EDU
In-Reply-To: Your message of "Sat, 17 Dec 1994 16:26:41 MST."
<9412172326.AA26709@enci.ucalgary.ca>
Reply-To: Tony.Lill@ajlc.waterloo.on.ca
Date: Sun, 18 Dec 1994 17:41:29 -0500
From: "Anthony J. Lill" <ajlill@ajlc.waterloo.on.ca>
>>>>> "Gordon" == Gordon Matzigkeit <gord@enci.ucalgary.ca> writes:
Gordon> I think my plan of action is to wrap my main servers so
Gordon> that they will only allow ktelnetd and kftpd. Then, users
Gordon> can only access these machines via a kerberized client.
Gordon> Duh... I don't know why I didn't get it before.
Gordon> I only need to kerberize services that I want to serve on
Gordon> secure machines.
Gordon> So I could create a network:
Outside
----------------------+--------------
|
Gateway
| |
Kerberized--+ +--Unkerberized (outside)
physically secure not physically secure
Gordon> And have the gateway block all non-kerberos communication
Gordon> to the kerberized network.
Gordon> Then, from what I understand, I'd only have to implement
Gordon> Kerberos in servers that serve outside machines (like
Gordon> telnetd, ftpd).
Gordon> Am I wrong, or could I completely trust connections
Gordon> between machines internal to the Kerberized network?
Depends how much you trust your users not to do stupid or malicious
things, or for someone with or without internal help to get past your
gateway. The belt and suspenders method is to have the gateway, and to
also disable all non-kerberized servers on the secure net.
Gordon> Would it be a flaw to put something in hosts.equiv like: +
Gordon> as long I own and maintain all the machines in the
Gordon> Kerberized network, and am sure that my firewall gateway
Gordon> blocks any non-kerberos port traffic?
I personally believe that hosts.equiv is evil. A person can still do
lots of damage if they get hold of bin or sys or adm or a dozen other
accounts. As Don Davis pointed out in private email, once you've
installed the Kerberized rlogin/rcmd, it's secure enough to allow you
to do lots of admin remotely.
Gordon> This would be really nice.
How nice is it to have two sources of passwd information to maintain?
It would probably be easier to adminster if you Kerberized everything
on your secure net.
Of course, without knowing just what you're trying to accomplish, it's
very hard to say just how you should proceed. Security can mean
anything from your farourite blankie to a minefield.
--
Tony Lill, Tony.Lill@AJLC.Waterloo.ON.CA
President, A. J. Lill Consultants (519) 241 2461
539 Grand Valley Dr., Cambridge, Ont. fax/data (519) 650 3571
"I'm not a security expert, I just play one on the net"
