[7125] in Kerberos
Re: Dial-In Servers and Kerberos
daemon@ATHENA.MIT.EDU (Neil R. Henry)
Fri Apr 19 02:11:15 1996
To: kerberos@MIT.EDU
Date: Thu, 18 Apr 1996 09:50:02 GMT
From: nhenry@netcom.com (Neil R. Henry)
In article <Pine.SUN.3.91.960417160513.3468E-100000@acns.fsu.edu> houle@acns.fsu.edu (Art Houle) writes:
>On Wed, 17 Apr 1996, HARRY R. ERWIN wrote:
>> > It is, however, relatively easy to do kerberos over a tty dialin, all
>> > you need to do is work out how your dialin `thing' is going to send
>> > Kerberos `packets' to your KDC.
>> >
>>
>> I know unencrypted dial-up access to a kerberized system means I'm already
>> damned.
>
>To steal info from someone else's dialup session, you need to tap the
>wires at the user premises, at the central office, at the answering
>equipment, or off the cables and none of these are easily available.
>Then you need to de-modulate the stream of tones with a pair of compatible
>modems that has been hacked at the system-ROM level by someone with
>knowledge of internal modem design. Far easier to bribe someone for the
>information than find a team of talented technical conspirators.
>
>
>> So it goes. Unfortunately, I've been given OpenVision Kerberos 5
>> running on a SPARC 5 and a second SPARC 5 running Solaris 2.4/5 and a 3Com
>> Access Control Server, and told to work it out. The 3Com stuff works with
>> OSF DCE and needs an HP server to do that.
>>
>> Harry Erwin, Internet: herwin@gmu.edu, Web Page: http://osf1.gmu.edu/~herwin
>> PhD student in computational neurosci and lecturer for CS 211 (advanced C++)
>>
>Art Houle e-mail: houle@acns.fsu.edu
>Academic Computing & Network Services Voice: 644-2591
>Florida State University FAX: 644-8722
>
This 3Com server (AccessBuilder?) also supports CHAP over the async link. This limits your exposure further, yes?
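
An added illustration, not part of the original post or of any 3Com product: the CHAP exchange (RFC 1994, MD5 variant) mentioned above, showing that the shared secret itself never crosses the async link and that a captured response fails against a fresh challenge. The user name, secret and class names are constructed for the example.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Access-server side: issues single-use challenges and checks responses."""

    def __init__(self, secrets):
        self.secrets = secrets      # name -> shared secret (constructed values)
        self.next_id = 0
        self.pending = {}           # identifier -> outstanding challenge

    def challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) & 0xFF
        value = os.urandom(16)      # unpredictable, fresh per attempt
        self.pending[identifier] = value
        return identifier, value

    def verify(self, identifier, name, response):
        value = self.pending.pop(identifier, None)   # each challenge is used once
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-shared-secret"
    server = Authenticator({"dialin-user": secret})

    # Normal login: the peer answers the server's challenge.
    ident, chal = server.challenge()
    resp = chap_response(ident, secret, chal)
    on_wire = bytes([ident]) + chal + resp   # everything a line tap would record
    accepted = server.verify(ident, "dialin-user", resp)

    # Replay: the recorded response is sent against a new challenge.
    ident2, _ = server.challenge()
    replayed = server.verify(ident2, "dialin-user", resp)
    return accepted, replayed, secret in on_wire
```

`demo()` returns `(True, False, False)`: the login is accepted, the replayed response is rejected, and the secret does not appear in the recorded bytes.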