[5102] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Telnet and login (Kerberos 4)

daemon@ATHENA.MIT.EDU (Joe Kovara)
Fri May 5 16:29:14 1995

To: kerberos@MIT.EDU
Date: Fri, 5 May 1995 11:52:21 -0700
From: Joe Kovara <joek@CyberSAFE.COM>

On 4 May 1995, Donald T. Davis wrote:
> generally, it's not a good idea to propagate tickets to the
> remote site automatically, because a telnet server is usually
> a shared host, and therefore can't be trusted to protect the
> remote tickets from other users. if kerberos' proxy mechanism
[...]

To say that a "shared" (multi-user?) system is implicitly untrustworthy is
incorrect. A shared system is--all things being equal--no better or worse
than any other type of system at protecting resources.  In fact, a shared
system may have much better security.  I would trust a well managed
compartmentalized shared system far more than the typical single-user
workstation you find on most desks. 

The original question implied that Kerberos credentials were needed on the
remote system. If you need credentials on the remote system, you have two
choices: forward the credentials to the remote system or do a kinit on the
remote system. If the remote host isn't trusted, then you shouldn't do a
kinit there; if the remote system has has been compromised, doing a kinit
there exposes your password, and not just a ticket. If you need
credentials on the remote machine, it is far better to forward them than
to do a kinit. 


Joe Kovara / Product Development Manager / CyberSAFE / joek@cybersafe.com

home help back first fref pref prev next nref lref last post