[6697] in Kerberos


Re: Is this a feature

daemon@ATHENA.MIT.EDU (Stephen C. Trier)
Mon Feb 19 10:44:12 1996

From: trier@odin.INS.CWRU.Edu. (Stephen C. Trier)
Date: Mon, 19 Feb 1996 10:30:52 +0000
In-Reply-To: hartmans@MIT.EDU (Sam Hartman)
       "Re: Is this a feature" (Feb 17, 11:31am)
To: hartmans@MIT.EDU (Sam Hartman), wes@prozac.student.cwru.edu (Wes Brown)
Cc: kerberos@MIT.EDU

On Feb 17, 11:31am, Sam Hartman wrote:
> 	Any principal you put in root's .klogin file can login as
> root; this is the entire purpose of the .klogin file.

Since I've been wondering about root's .klogin myself, let me rephrase
the question: Is it a good idea to make use of this feature?

Traditionally, one doesn't allow direct login as root.  Instead, one
requires an su.  As I recall, this restriction is used to prevent
direct attacks on root's password over a network connection.  It's also
used to provide marginally better accountability for root.

Using ksu satisfies those requirements, but risks exposing the password
if the user forgot to encrypt the connection.  Doing direct Kerberized
logins avoids the direct-attack problem, but it doesn't provide the
accountability.

Is this picture correct?  Am I missing something?  How do other sites
use Kerberos to control root access?  Do you use direct login or ksu?

              Stephen


-- 
Stephen Trier         "All coordination will be done electronically over the
trier@ins.cwru.edu    Internet, a futuristic communications network of networks
KG8IH                 that, we are told, will one day revolutionize something
		      or other."      - mini-AIR #1996-02
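The .klogin check that the quoted reply describes, modelled as an added example; this is not code from the original post or from the Kerberos distribution. It models the ACL decision (exact principal match, realm included) and the audit line a site would want to keep at the moment the decision is made. The Kerberos V5 principal form, the realm EXAMPLE.ORG and the sample file contents are assumptions constructed for the example.

```python
# Model of the .klogin authorization decision discussed in the thread.
# Added example: not code from MIT Kerberos or from the poster.
# Assumptions: root's .klogin holds one full principal per line in the
# Kerberos V5 form (e.g. "trier/root@EXAMPLE.ORG", a constructed name),
# blank lines are ignored, and a match requires the exact principal
# string, realm included.

from typing import Set

# Constructed sample of root's .klogin (not a real file).
SAMPLE_KLOGIN = """\
trier/root@EXAMPLE.ORG
wes/root@EXAMPLE.ORG

"""


def load_klogin(text: str) -> Set[str]:
    """Parse .klogin contents into the set of authorized principals.

    Entries without a realm part are skipped rather than treated as
    "any realm": an entry that cannot be matched exactly must never
    silently turn into a broader grant.
    """
    acl = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "@" not in line or line.endswith("@"):
            continue  # no realm: cannot be matched safely, so ignore it
        acl.add(line)
    return acl


def may_become_root(principal: str, acl: Set[str]) -> bool:
    """True only when the authenticated principal is listed exactly.

    Principal names are case-sensitive and the realm is part of the
    identity, so "trier@EXAMPLE.ORG" does not satisfy an entry for
    "trier/root@EXAMPLE.ORG", and "trier/root@OTHER.ORG" does not match
    "trier/root@EXAMPLE.ORG". Exact set membership gives that for free;
    substring or prefix comparisons would not.
    """
    return principal in acl


def audit_record(principal: str, acl: Set[str], target: str = "root") -> str:
    """Build the line an audit trail should keep for this decision.

    Recording which principal was granted or denied the target account,
    rather than only "root logged in", is what makes the access
    attributable to a person afterwards.
    """
    outcome = "granted" if may_become_root(principal, acl) else "denied"
    return f"account {target}: access {outcome} for {principal}"


if __name__ == "__main__":
    acl = load_klogin(SAMPLE_KLOGIN)
    for p in ("trier/root@EXAMPLE.ORG", "trier@EXAMPLE.ORG",
              "trier/root@OTHER.ORG", "wes/root@EXAMPLE.ORG"):
        print(audit_record(p, acl))
```

Running it prints one audit line per candidate principal; only the two principals listed verbatim in the sample file are granted, and the user's ordinary principal (no /root instance) and a same-named principal in another realm are both denied.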
