[4474] in Kerberos
Re: Service Key file distribution
daemon@ATHENA.MIT.EDU (Scott Dawson)
Tue Jan 10 13:14:07 1995
To: bbutton@netcom.com (Brian Button)
Cc: kerberos@MIT.EDU, sdawson@engin.umich.edu
In-Reply-To: Your message of "Tue, 10 Jan 1995 14:11:36 GMT."
<BBUTTON.95Jan10061137@netcom18.netcom.com>
Date: Tue, 10 Jan 1995 13:03:00 -0500
From: Scott Dawson <sdawson@engin.umich.edu>
You can use Kerberos to get a secure distribution channel. You come up
with a special principal which will be used for srvtab distribution. When
you need to get a srvtab down to a machine initially, you walk to where the
machine is located, kinit as the distribution principal, and open a secure
connection (by running a client that you write) to a srvtab server (which
you also write). This server is kerberized, and you'd get a ticket for it
in the process of running the client. You then have a shared key which can
be used to send the srvtab across the wire from the server to client. You
then kdestroy, logout, and the machine is set up. This is as secure as the
password for the distribution account. You can actually use something like
sysctl to do the client/server stuff for you if you want.
For doing updates to the srvtab (i.e. adding/deleting principals), if
you assume that the srvtab always contains host/hostname.realm, you
can have a client which uses host/hostname.realm to get a secure
channel to the server and grab a new copy of the srvtab. The client
just does a ksrvtgt to host/hostname.realm. and then runs the client.
As long as the srvtab is not compromised, you can always "sync"
changes to the srvtab file securely. If the srvtab is compromised,
then you have to walk to the machine and type in the dist acct.
password again so that you can get to a secure starting point.
-Scott
