[5681] in Kerberos
Preauthentication
daemon@ATHENA.MIT.EDU (Glenn Machin)
Fri Aug 11 17:18:39 1995
From: Glenn Machin <gmachin@sahp044.sandia.gov>
To: kerberos@MIT.EDU
Date: Fri, 11 Aug 95 15:07:44 MDT
A fellow worker was going through the Beta 5 code and noticed
that preauthentication data (padata) is set to 0 in all cases.
The code showed something like:
if (1) {
set padata = 0
}
else {
obtain padata;
}
I thought the padata being set to a timestamp with some randomness
attached was useful in that it prevented someone from getting someone
else's TGT and breaking the encryption at leisure. With an encrypted
padata, the KDC could determine whether or not the requestor actually
knew the password, and do blacklisting if need be. The OSF DCE security
server (1.1) uses it. Why didn't MIT at least ifdef that area?
Did I miss something?
Glenn Machin
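As an added illustration of the exchange Glenn describes (not code from the post, from MIT Kerberos or from DCE), here is a toy model of the AS request with PA-ENC-TIMESTAMP: the KDC only releases the key-encrypted reply after verifying an encrypted, fresh, unreplayed timestamp, and counts failures as input to lockout. The string2key function and the enctype are simplified stand-ins, and the principal names are constructed.

```python
import hashlib, hmac, os, struct
def string_to_key(password, salt):
    # Stand-in for the Kerberos string2key function (the real one is enctype-specific).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 20000)

def seal(key, plaintext):
    # Toy encrypt-then-MAC standing in for a Kerberos enctype; plaintext is at most 32 bytes.
    nonce = os.urandom(16)
    ks = hmac.new(key, b"ks" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key (wrong password) or tampered padata
    ks = hmac.new(key, b"ks" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

def make_padata(password, principal, now, usec):
    # PA-ENC-TIMESTAMP: the client encrypts the current time under its long-term key.
    return seal(string_to_key(password, principal), struct.pack(">QI", now, usec))

class KDC:
    MAX_SKEW = 300  # seconds of clock skew tolerated
    def __init__(self, principals, require_preauth=True):
        self.keys = {p: string_to_key(pw, p) for p, pw in principals.items()}
        self.require_preauth = require_preauth
        self.replay_cache = set()
        self.failures = {p: 0 for p in principals}  # input to lockout ("blacklisting")

    def as_req(self, principal, now, padata=None):
        key = self.keys[principal]
        if padata is None and self.require_preauth:
            return "KDC_ERR_PREAUTH_REQUIRED"
        if padata is not None:
            pt = unseal(key, padata)
            if pt is None:
                self.failures[principal] += 1
                return "KDC_ERR_PREAUTH_FAILED"
            ts, usec = struct.unpack(">QI", pt)
            if abs(ts - now) > self.MAX_SKEW:
                return "KRB_AP_ERR_SKEW"
            if (principal, ts, usec) in self.replay_cache:
                return "KDC_ERR_PREAUTH_FAILED"  # replayed timestamp
            self.replay_cache.add((principal, ts, usec))
        # With preauth off, this key-encrypted reply goes to anyone who names the principal.
        return {"enc_part": seal(key, os.urandom(16))}  # session key for the TGT
```

Constructing the KDC with `require_preauth=False` reproduces the behaviour the post complains about: the reply encrypted under the user's key is returned without any proof that the requestor knows the password.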