Re: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Thu Jun 14 16:40:24 1990
From: jon@MIT.EDU (Jon A. Rochlis)
To: Steve Lunt <lunt@CTT.BELLCORE.COM>
Cc: apollo.com!pato@BELLCORE.BELLCORE.COM, kerberos@MIT.EDU
In-Reply-To: Your message of Thu, 14 Jun 90 14:36:04 -0400.
Date: Thu, 14 Jun 90 15:17:51 EDT
You have this vulnerability with the current Kerberos TGT request protocol
if you configure your login program to use the reply from Kerberos rather
than the password in /etc/passwd for authentication. The workstation needs
some way of knowing that it is talking to the real Kerberos. It could use
its secret (in /etc/srvtab) for this purpose (requiring a change in the TGT
request protocol).

Making use of the TGT so a workstation knows it's not been spoofed by
a fake KDC is quite reasonable, *if* the workstation has a secret
(i.e. a srvtab). It doesn't work well in a public workstation model,
where there are no secrets on workstations.
-- Jon
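The two login policies discussed above, modelled as an added example that is not code from this thread or from MIT Kerberos: a login program that accepts any TGT reply opening under the typed password is fooled by a spoofed KDC, while one that then fetches a ticket for its own host principal and checks it with its srvtab key is not. The HMAC-based "sealing", the principal names and all keys are constructed stand-ins, not Kerberos wire formats.

```python
import hashlib
import hmac

# Toy stand-in for Kerberos encryption (not real Kerberos crypto): a "sealed"
# message carries an HMAC tag, so only a holder of the key can make or check it.
def seal(key, body):
    return body, hmac.new(key, body, hashlib.sha256).digest()
def opens(key, msg):
    body, tag = msg
    return hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag)
def password_key(password):
    return hashlib.sha256(password.encode()).digest()

class RealKDC:
    def __init__(self, keys):
        self.keys = keys  # principal -> long-term key (constructed sample database)
    def as_request(self, user, _typed_password):
        # The genuine KDC never sees the password: it seals the reply under the key
        # it has on file, and only the right typed password will open that reply.
        tgt = seal(self.keys["krbtgt"], b"tgt:" + user.encode())
        return seal(self.keys[user], b"tgt-reply"), tgt
    def tgs_request(self, tgt, service):
        if not opens(self.keys["krbtgt"], tgt) or service not in self.keys:
            return None
        user = tgt[0].decode().split(":", 1)[1]
        return seal(self.keys[service], f"{user}->{service}".encode())

class FakeKDC:
    # The impersonating KDC from the thread: it holds no user or host keys, but it
    # can seal a reply under whatever password was typed at the login prompt.
    def as_request(self, user, typed_password):
        return seal(password_key(typed_password), b"tgt-reply"), seal(b"junk", b"tgt")
    def tgs_request(self, tgt, service):
        return seal(b"junk", b"forged")

def login(kdc, user, password, host, srvtab_key=None):
    reply, tgt = kdc.as_request(user, password)
    if not opens(password_key(password), reply):
        return False                 # reply did not decrypt under the typed password
    if srvtab_key is None:
        return True                  # naive login: trusts the TGT reply alone
    # Hardened login: ask for a ticket for this workstation's own principal and
    # check it with the /etc/srvtab key, which only the real KDC also holds.
    ticket = kdc.tgs_request(tgt, host)
    return ticket is not None and opens(srvtab_key, ticket) and ticket[0] == f"{user}->{host}".encode()

HOST = "rcmd.ws1"                                          # constructed workstation principal
SRVTAB_KEY = hashlib.sha256(b"constructed srvtab").digest()  # constructed /etc/srvtab key
REAL_KDC = RealKDC({"krbtgt": hashlib.sha256(b"constructed tgs key").digest(),
                    "alice": password_key("correct-horse"), HOST: SRVTAB_KEY})
FAKE_KDC = FakeKDC()
```

Run with a public-workstation model in mind: if `srvtab_key` is `None` because the workstation keeps no secret, only the naive policy is available, which is exactly the limitation Jon notes.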