[4582] in Kerberos
Re: Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Wed Feb 8 20:29:12 1995
To: kerberos@MIT.EDU
Date: 09 Feb 1995 01:00:43 GMT
From: marc@cam.ov.com (Marc Horowitz)
>> Is it a security risk to let users have access to the 'kinit' command?
>> Can't they sit and hammer it all day trying to break someone else's
>> password by brute force?
/bin/login has the same security risk. I assume you make this
available.
>> On the other hand, the man page makes it sound like 'kinit' is a
>> perfectly legitimate user command. Is there some built-in safe-guard
>> to prevent brute force attacks?
Check the log files to make sure there aren't a large number of
requests for a given principal. In other words, no.
In any case, do you allow ftp access to the outside? Do you allow
floppy disks on the premises? Laptops? In any of these
circumstances, there's nothing preventing a user from compiling his
own kinit, and using that. It is also possible, by modifying kinit in
a way I won't describe here, to do offline attacks which don't show up
in the kerberos logs. This problem can be alleviated with kerberos
v5's preauthentication feature, but such an environment would still be
susceptible to snooping of the initial ticket and offline attacks on
that.
The moral of this story is to use good passwords, so brute force
attacks aren't a real threat.
Marc
