[17592] in Kerberos_V5_Development


Re: clock skew and preauth

daemon@ATHENA.MIT.EDU (Tom Yu)
Sun Apr 15 23:52:38 2012

To: Greg Hudson <ghudson@mit.edu>
From: Tom Yu <tlyu@mit.edu>
Date: Sun, 15 Apr 2012 23:52:30 -0400
In-Reply-To: <4F8B4DC4.2020306@mit.edu> (Greg Hudson's message of "Sun,
	15 Apr 2012 18:37:56 -0400")
Message-ID: <ldv1unoz62p.fsf@cathode-dark-space.mit.edu>
Cc: Stef Walter <stefw@gnome.org>, krbdev@mit.edu

Greg Hudson <ghudson@MIT.EDU> writes:

> I have one concern about this approach, which is that an attacker could
> create a false log entry for a successful preauthentication on the KDC
> by forging the timestamp in a preauth-required error.  That is, you
> attempt to kinit at noon; I forge a timestamp of 11pm in the
> preauth-required error and capture your preauthenticated request; then
> at 11pm I send that request to the KDC to make it look like you
> authenticated at that time.
>
> This isn't necessarily a serious enough vulnerability to worry about
> (when the alternative is for preauth to just fail with skewed clocks),
> but I want to raise the issue before taking the patch.

I think it's OK as long as we clearly communicate the auditing
consequences in our documentation and elsewhere.  Does anyone see a
security consequence besides auditing?
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
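
Added example, not part of the original message and not MIT krb5 code: a small Python model of the auditing concern quoted above, in which the client takes its time offset from the unauthenticated preauth-required error. The HMAC is a stand-in for the encrypted timestamp; the key, the 300-second skew limit and every function name are assumptions made for illustration.

```python
import hashlib
import hmac

SKEW = 300  # assumed allowable clock skew in seconds (model parameter)
KEY = hashlib.sha256(b"constructed-long-term-key").digest()  # constructed key


def seal(key, ts):
    """Stand-in for the encrypted timestamp: the time value plus a MAC."""
    msg = str(ts).encode()
    return msg, hmac.new(key, msg, hashlib.sha256).digest()


def client_preauth(key, local_now, error_stime):
    """Client adopts the time in the (unauthenticated) error as its offset."""
    offset = error_stime - local_now
    return seal(key, local_now + offset)


def kdc_verify(key, padata, kdc_now, audit_log):
    """Accept if the MAC checks and the timestamp is within SKEW of KDC time."""
    msg, tag = padata
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False
    if abs(int(msg) - kdc_now) > SKEW:
        return False
    # The audit entry records when the KDC saw the request, not when the
    # client produced it.
    audit_log.append(("preauth success", kdc_now))
    return True


def scenario():
    noon, eleven_pm = 12 * 3600, 23 * 3600  # constructed times, seconds of day
    log = []
    # Error carries the true KDC time: request is valid when it was made.
    honest = client_preauth(KEY, noon, noon)
    ok_honest = kdc_verify(KEY, honest, noon, log)
    # Error carries a time of 11pm: the request made at noon is bound to 11pm.
    captured = client_preauth(KEY, noon, eleven_pm)
    at_noon = kdc_verify(KEY, captured, noon, log)
    at_11pm = kdc_verify(KEY, captured, eleven_pm, log)
    return ok_honest, at_noon, at_11pm, log


if __name__ == "__main__":
    print(scenario())
```

In this model the second audit entry is dated 11pm although the client acted at noon, which is the auditing consequence discussed in the thread.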
