[970] in Kerberos_V5_Development
Re: proposed krshd option
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Mon Jan 22 11:09:24 1996
Date: Mon, 22 Jan 96 11:09:53 EST
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: krbdev@MIT.EDU
In-Reply-To: [967]

   I propose two new options to krshd: an option (-e if not
   taken) to require that the rsh connection be encrypted to be accepted,
   and an option (-k if not taken) to require that the connection include
   a checksum.

I'd suggest -E instead of -e to follow the previous convention (with
krlogind) of -k allowing Kerberos authentication and -K requiring it,
etc. You should also accept -X as a synonym for -E for the same
reason.
I'd vote for a letter other than "k" as the checksum argument, again
for similar reasons: -k isn't saying "accept Kerberos" which is what
it means with other programs. Perhaps -c. Or, by the previous
paragraph, -C.

   I'm trying to prevent active attacks that
   either prevent an authenticator from reaching the server, or
   substitute part of the tcp stream to change the request. Yes, these
   are much harder than passive replay attacks, but it's only about 45
   lines of code, so I think it's worth it.

I absolutely agree. It is shameful that Kerberos is presently
vulnerable to an active IP attack.
Barry