[5666] in Kerberos


Re: authentication secure?

daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Aug 11 02:53:11 1995

To: jwb@wilbur.hhisland.com (Joe Beiter)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "10 Aug 1995 22:30:28 EDT."
             <40efc4$8pm@wilbur.hhisland.com> 
Date: Fri, 11 Aug 1995 02:42:42 EDT
From: Sam Hartman <hartmans@MIT.EDU>

>>>>> "Joe" == Joe Beiter <jwb@wilbur.hhisland.com> writes:
    Joe> Since we're the phone company I'm not worried about the lines
    Joe> being secure (as Sam pointed out). We are considering having
    Joe> a remote access site that is carried through another network
    Joe> provider thus I'm concerned about someone being able to view
    Joe> the packets of the router validating a user on the master
    Joe> server over "open net".

	The actual exchange between the terminal server and the
Kerberos server is as secure as Kerberos gets.  I.e., it is the intent
of Kerberos to make this exchange secure--this is the core function
Kerberos tries to perform.  Known limits on this security include the
limited strength of DES, the quality of the shared secrets (how good
are your passwords), and other key management issues.

	What I would be more worried about is the data at the remote
site.  Say a user logs into the terminal server, uses Kerberos for
authentication, then connects to some central service.  The
authentication--the transaction between the terminal server and
Kerberos server--is secure.  This isn't particularly impressive if the
communications between the user and the service that the user is
dialing into through the terminal server are unencrypted.  This is
especially true if the user uses the same password on the remote
server as they do to get into the terminal server.

	Honestly, to make any reasonable statements about your network
security, you should spend some time learning what the capabilities of
your terminal server and host computers are.  Read the manuals,
investigate, possibly even look at traffic with tcpdump or something.
Finally, keep in mind that your greatest security problem will be
caused by social factors; if George's password is george, there's
nothing in the world that can make his account secure.  

--Sam
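The two risks in Sam's reply, as an added example that is not part of the archived message: a captured Kerberos reply can be tested offline against password guesses (which is why "the quality of the shared secrets" is listed as a limit even though the exchange itself is sound), and a password typed over an unencrypted hop from the terminal server to a central host is simply readable. The code models the KDC reply with a stand-in cipher (an HMAC-SHA256 keystream, not DES or the real Kerberos string-to-key function); the realm, principal names, captured traffic and wordlist are all constructed for the demo.

```python
"""Toy model of two Kerberos-era risks (added example, not from the archive).

The KDC reply is modelled with a stand-in cipher. Real Kerberos uses DES and
its own string-to-key function, but the property shown is the same: the reply
is sealed under a key that is a deterministic function of the password, and
it contains recognisable structure, so it can be attacked offline.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional

REALM = b"HHISLAND.COM"          # constructed realm for the demo
TGS_NAME = b"krbtgt/" + REALM    # known structure inside the sealed reply


def string_to_key(password: str) -> bytes:
    # Toy string-to-key: a deterministic function of realm and password only.
    return hashlib.sha256(REALM + password.encode()).digest()[:16]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (not DES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(8)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def kdc_as_reply(password: str, session_key: bytes) -> bytes:
    """What an eavesdropper on the 'open net' sees: the KDC's reply for a
    principal, sealed under that principal's password-derived key. The
    password itself never crosses the wire."""
    plaintext = TGS_NAME + b"|" + session_key.hex().encode()
    return seal(string_to_key(password), plaintext)


def guess_password(captured_reply: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: derive a key from each guess and see whether
    the decrypted reply has the expected structure. No further contact with
    the KDC is needed, so server-side logging and lockout cannot notice it."""
    for cand in wordlist:
        if unseal(string_to_key(cand), captured_reply).startswith(TGS_NAME + b"|"):
            return cand
    return None


def weak_candidates(username: str) -> Iterable[str]:
    """The guesses a password-quality check (or an attacker) tries first."""
    derived = [username, username.lower(), username.capitalize(),
               username + "1", username[::-1]]
    common = ["password", "secret", "letmein", "kerberos", "123456"]
    return derived + common


def password_from_cleartext_session(stream: bytes) -> Optional[str]:
    """Second risk: on an unencrypted telnet/rlogin hop the password follows
    the prompt verbatim in the reassembled byte stream."""
    marker = b"Password: "
    i = stream.find(marker)
    if i < 0:
        return None
    end = stream.find(b"\r\n", i + len(marker))
    if end < 0:
        end = len(stream)
    return stream[i + len(marker):end].decode(errors="replace")


# Constructed captures for the demo (names and bytes are made up).
GEORGE_REPLY = kdc_as_reply("george", bytes.fromhex("0123456789abcdef"))
STRONG_REPLY = kdc_as_reply("Ww7!qf-plateau-ORBIT", bytes.fromhex("fedcba9876543210"))
TELNET_STREAM = (b"wilbur login: george\r\nPassword: george\r\n"
                 b"Last login: Thu Aug 10 22:30 on ttyp1\r\n$ ")

if __name__ == "__main__":
    print("george's password from the captured reply:",
          guess_password(GEORGE_REPLY, weak_candidates("george")))
    print("strong password from the captured reply:",
          guess_password(STRONG_REPLY, weak_candidates("hartmans")))
    print("password read off the cleartext session:",
          password_from_cleartext_session(TELNET_STREAM))
```

Run it and the first line recovers "george" without ever touching the KDC, the second prints None, and the third recovers the same password from the plaintext session regardless of how strong it was. The Kerberos exchange did its job in all three cases; what failed was the password and the unencrypted hop, which is the point of the reply.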
