[5873] in Kerberos
Re: Should I restrict 'kinit' access
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Sun Sep 17 21:34:13 1995
To: Gary Gaskell <gaskell@dstc.qut.edu.au>
Cc: kerberos@MIT.EDU, Mark Looi <mlooi@fit.qut.edu.au>
In-Reply-To: Your message of "Mon, 18 Sep 1995 08:38:39 +1000."
<Pine.OSF.3.91.950918083307.797F-100000@typhoon.dstc.qut.edu.au>
Date: Sun, 17 Sep 1995 21:21:59 EDT
From: Marc Horowitz <marc@MIT.EDU>
>> That is one of our concerns with the first stage of the Kerberos
>> protocols. Anyone can get an initial TGT for anyone else, just
>> supposedly they cannot decrypt it, since they don't have the password.
This is what preauthentication in krb5 is intended to prevent.
>> To this end, we have designed a system with challenge/response
>> protocols to avoid this threat. We think that the pre-authentication
>> system may also bring in some scalibility or manageability problems.
>> One of our options uses Public-key crypto and another a zero knowledge
>> proof. All use smart cards. Look out for a paper or two, after our
>> prototype works.
I don't understand your concern about the manageability of
preauthentication. In particular, I'm curious why you didn't
implement your "options" as kerberos preauthentication mechanisms.
All of them seem like really useful things to have more widely
available; they'd certainly be more useful and secure than encrypted
timestamps.
Marc
