[926] in Kerberos
login authentication
daemon@ATHENA.MIT.EDU (Greg Wohletz)
Fri May 4 04:39:34 1990
To: kerberos@ATHENA.MIT.EDU
Date: Thu, 03 May 90 14:13:45 -0700
From: Greg Wohletz <greg%duke.cs.unlv.edu@RELAY.CS.NET>
In login.c is the following comment:
    Policy: If local password is good, user is good.
    We really can't trust the Kerberos password,
    because somebody on the net could spoof the
    Kerberos server (not easy, but possible).
    Some sites might want to use it anyways, in
    which case they should change this line
    to:
        if (kpass_ok)
Shouldn't login be able to do mutual authentication and avoid this problem?
Or am I missing something?
It seems to me that being able to use the Kerberos password to verify the
user is a big win.
--Greg
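
An added example, not part of the original message and not code from login.c: a toy Python model of the difference between accepting on `kpass_ok` alone and also requiring a ticket for the host's own service that opens with the key stored on the host. The keyed-tag `seal`/`unseal` helpers stand in for Kerberos encryption, and the `KDC` class, the principal `rcmd.duke` and the passwords are constructed for illustration.

```python
import hashlib, hmac, os

def str2key(password: str) -> bytes:
    # Stand-in for Kerberos string-to-key (not the real algorithm).
    return hashlib.sha256(password.encode()).digest()

def seal(key: bytes, data: bytes) -> bytes:
    # Stand-in for "encrypted under key": keyed tag followed by the payload.
    return hmac.new(key, data, hashlib.sha256).digest() + data

def unseal(key: bytes, blob: bytes):
    # Returns the payload if the blob was sealed under `key`, else None.
    tag, data = blob[:32], blob[32:]
    good = hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest())
    return data if good else None

class KDC:
    """Toy key server: its replies are sealed under the keys it holds."""
    def __init__(self, user_keys, service_keys):
        self.user_keys, self.service_keys = user_keys, service_keys
    def initial_ticket(self, user):
        return seal(self.user_keys[user], b"tgt-for:" + user.encode())
    def service_ticket(self, user, service):
        return seal(self.service_keys[service], b"client:" + user.encode())

def kpass_ok(kdc, user, password):
    # The check behind `if (kpass_ok)`: the reply opens with the typed password.
    return unseal(str2key(password), kdc.initial_ticket(user)) is not None

def verified_login(kdc, user, password, service, srvtab_key):
    # Also require a ticket for this host's own service that opens with the
    # key stored on the host, a key shared only with the real KDC.
    if not kpass_ok(kdc, user, password):
        return False
    ticket = unseal(srvtab_key, kdc.service_ticket(user, service))
    return ticket == b"client:" + user.encode()

# Constructed sample data.
HOST_KEY = os.urandom(32)
real_kdc = KDC({"greg": str2key("correct horse")}, {"rcmd.duke": HOST_KEY})
# A responder that is not the real KDC: it can choose any user key,
# but it does not hold the host's key.
other_kdc = KDC({"greg": str2key("made up")}, {"rcmd.duke": os.urandom(32)})

if __name__ == "__main__":
    print(kpass_ok(other_kdc, "greg", "made up"))
    print(verified_login(other_kdc, "greg", "made up", "rcmd.duke", HOST_KEY))
    print(verified_login(real_kdc, "greg", "correct horse", "rcmd.duke", HOST_KEY))
```

In this model the password-only check accepts a reply from any responder that chose the user's key itself, while the host-key check accepts only a server that also shares the host's stored key.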