[5872] in Kerberos
Re: Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (Gary Gaskell)
Sun Sep 17 18:53:29 1995
Date: Mon, 18 Sep 1995 08:38:39 +1000 (EST)
From: Gary Gaskell <gaskell@dstc.qut.edu.au>
To: Marc Horowitz <marc@cam.ov.com>
Cc: kerberos@MIT.EDU, Mark Looi <mlooi@fit.qut.edu.au>
In-Reply-To: <MARC.95Feb8200043@dun-dun-noodles.cam.ov.com>
On 9 Feb 1995, Marc Horowitz wrote:
> >> Is it a security risk to let users have access to the 'kinit' command?
> >> Can't they sit and hammer it all day trying to break someone else's
> >> password by brute force?
That is one of our concerns with the first stage of the Kerberos
protocols. Anyone can get an initial TGT for anyone else, just
supposedly they cannot decrypt it, since they don't have the password.
To this end, we have designed a system with challenge/response protocols
to avoid this threat. We think that the pre-authentication system may
also bring in some scalability or manageability problems. One of our
options uses public-key crypto and another a zero knowledge proof. All
use smart cards. Look out for a paper or two, after our prototype works.
Gary
>
> /bin/login has the same security risk. I assume you make this
> available.
>
> >> On the other hand, the man page makes it sound like 'kinit' is a
> >> perfectly legitimate user command. Is there some built-in safe-guard
> >> to prevent brute force attacks?
>
> Check the log files to make sure there aren't a large number of
> requests for a given principal. In other words, no.
>
> In any case, do you allow ftp access to the outside? Do you allow
> floppy disks on the premises? Laptops? In any of these
> circumstances, there's nothing preventing a user from compiling his
> own kinit, and using that. It is also possible, by modifying kinit in
> a way I won't describe here, to do offline attacks which don't show up
> in the kerberos logs. This problem can be alleviated with kerberos
> v5's preauthentication feature, but such an environment would still be
> susceptible to snooping of the initial ticket and offline attacks on
> that.
>
> The moral of this story is to use good passwords, so brute force
> attacks aren't a real threat.
>
> Marc
>
regards
Gary Gaskell                           Cooperative Research Centre for
Research Scientist                     Distributed Systems Technology
DSTC                                   Ph: 61 7 3864 1051
Level 12, ITE Building                 Fax: 61 7 3864 1282
Queensland University of Technology    Email: gaskell@dstc.edu.au
Brisbane, Australia.
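Marc's answer to "is there a built-in safeguard" is to check the KDC logs for an unusual number of requests for a given principal. The script below is an added illustration of that check and is not part of the thread or of any Kerberos distribution. The sample log lines are constructed here and modeled on the format modern MIT krb5 `krb5kdc` writes to `kdc.log` (that format is an assumption; the 1995 thread shows no log lines). It counts AS_REQs per client principal, which is the only signal available when preauthentication is off and the KDC hands the encrypted TGT to whoever asks, and additionally counts PREAUTH_FAILED entries, which only exist once preauthentication is required.

```python
import re
from collections import defaultdict

# Constructed sample kdc.log excerpt (not from the original message). Line
# layout follows modern MIT krb5 krb5kdc output; treat that as an assumption.
#   alice: normal login (NEEDED_PREAUTH, then ISSUE)
#   bob:   preauth required, four failed guesses from one address
#   dave:  KDC without preauth, five TGTs handed out unconditionally
SAMPLE_LOG = """\
Sep 18 08:01:02 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.1.2.3: NEEDED_PREAUTH: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Sep 18 08:01:03 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.1.2.3: ISSUE: authtime 811346463, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 18 08:05:10 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.9.9.9: NEEDED_PREAUTH: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Sep 18 08:05:11 kdc krb5kdc[412](info): preauth (encrypted_timestamp) verify failure: Preauthentication failed
Sep 18 08:05:11 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.9.9.9: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Preauthentication failed
Sep 18 08:05:12 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.9.9.9: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Preauthentication failed
Sep 18 08:05:13 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.9.9.9: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Preauthentication failed
Sep 18 08:05:14 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.9.9.9: PREAUTH_FAILED: bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Preauthentication failed
Sep 18 08:10:00 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.7.7.7: ISSUE: authtime 811347000, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 18 08:10:01 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.7.7.7: ISSUE: authtime 811347001, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 18 08:10:02 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.7.7.7: ISSUE: authtime 811347002, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 18 08:10:03 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.7.7.7: ISSUE: authtime 811347003, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 18 08:10:04 kdc krb5kdc[412](info): AS_REQ (2 etypes {18 17}) 10.7.7.7: ISSUE: authtime 811347004, etypes {rep=18 tkt=18 ses=18}, dave@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""

# Matches an AS_REQ line: source address, outcome (NEEDED_PREAUTH, ISSUE,
# PREAUTH_FAILED, ...), then "client for server" somewhere after it.
AS_REQ_RE = re.compile(
    r"AS_REQ \([^)]*\) (?P<addr>\S+): (?P<status>[A-Z_]+): .*?"
    r"(?P<client>[^\s,]+@[^\s,]+) for (?P<server>[^\s,]+)"
)


def summarize_as_requests(lines):
    """Per client principal: total AS_REQs, PREAUTH_FAILED count, source addresses."""
    stats = defaultdict(lambda: {"total": 0, "preauth_failed": 0, "addrs": set()})
    for line in lines:
        m = AS_REQ_RE.search(line)
        if not m:
            continue  # not an AS_REQ line (e.g. the bare preauth verify failure)
        entry = stats[m["client"]]
        entry["total"] += 1
        entry["addrs"].add(m["addr"])
        if m["status"] == "PREAUTH_FAILED":
            entry["preauth_failed"] += 1
    return dict(stats)


def flag_principals(stats, max_requests=10, max_failures=3):
    """Return {principal: [reasons]} for principals that exceed either threshold."""
    flagged = {}
    for princ, s in stats.items():
        reasons = []
        # Volume of requests is the only signal when preauth is off: the KDC
        # issues the (encrypted) TGT to anyone, so nothing is logged as a failure.
        if s["total"] > max_requests:
            reasons.append(f"{s['total']} AS_REQs from {sorted(s['addrs'])}")
        # With preauth required, a bad password shows up as PREAUTH_FAILED.
        if s["preauth_failed"] >= max_failures:
            reasons.append(f"{s['preauth_failed']} PREAUTH_FAILED from {sorted(s['addrs'])}")
        if reasons:
            flagged[princ] = reasons
    return flagged


if __name__ == "__main__":
    stats = summarize_as_requests(SAMPLE_LOG.splitlines())
    for princ, reasons in flag_principals(stats, max_requests=4, max_failures=3).items():
        print(princ, "->", "; ".join(reasons))
```

The thresholds are deliberately low here so the small sample trips them; on a real KDC they should be set from the site's normal per-principal request rate. Note what the volume check cannot see, which is Marc's second point: a copy of the encrypted initial ticket taken off the wire, or a modified client that never talks to the KDC again, leaves nothing in `kdc.log` at all.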