[119] in Zephyr_Comments
Re: inconsistent Kerberos behavior
daemon@ATHENA.MIT.EDU (John T Kohl)
Wed Oct 26 16:50:44 1988
Date: Wed, 26 Oct 88 16:50:25 EDT
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: zephyr-comments@ATHENA.MIT.EDU, Jerome H Saltzer <Saltzer@ATHENA.MIT.EDU>
In-Reply-To: zephyr-comments:[0113]

Date: Mon, 24 Oct 88 15:01:07 EDT
To: zephyr-comments@ATHENA.MIT.EDU
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

If my tickets expire, Zephyr allows me to continue to send notices,
which are then labeled "UNAUTHENTIC" when they arrive at the
recipient's window. But if I don't have any tickets at all (e.g., do
a kdestroy) then Zephyr complains that it can't find a ticket file
and it doesn't send a notice at all. This seems inconsistent; why
shouldn't lack of tickets merely produce unauthentic messages?

The inconsistency arises because the Kerberos library does not tell
clients that the tickets they are about to present to a server have
expired, coupled with the Zephyr server's handling of
claim-to-be-but-aren't-authentic notices.

The client, zwrite, just sends stuff off to the server, and since it
finds tickets, krb_mk_req doesn't complain at all, even if the tickets
have expired. [If there is no ticket file, the krb_mk_req complains,
and so does zwrite.]

The server, when it receives an "authentic" notice, asks krb_rd_req for
an answer. If it says "ok" the server processes it as authentic. If it
says "not ok" it processes it as unauthentic. It doesn't reject it
out-of-hand unless there is some access control which requires that the
notice be authenticated.

John
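The client and server decisions John describes, as an added example that is not Zephyr or Kerberos library code: the functions, the outcome names and the "consistent" client policy (checking ticket expiry locally before calling krb_mk_req) are this example's own assumptions, and the times are constructed.

```c
/* Added example, not Zephyr or Kerberos code: models the two decisions
 * the reply describes, so the inconsistency and a consistent policy can
 * be compared side by side. */
#include <stdio.h>
#include <time.h>

/* Outcome names are this example's own, not libkrb or Zephyr constants. */
enum client_action  { SEND_AUTHENTIC, SEND_UNAUTHENTIC, REFUSE_TO_SEND };
enum server_verdict { ACCEPT_AUTHENTIC, ACCEPT_UNAUTHENTIC, REJECT };

/* zwrite as described: krb_mk_req fails only when there is no ticket
 * file, so an expired ticket is still sent claiming to be authentic. */
enum client_action zwrite_as_described(int have_ticket_file, time_t expires, time_t now)
{
    (void)expires; (void)now;            /* expiry is never consulted */
    return have_ticket_file ? SEND_AUTHENTIC : REFUSE_TO_SEND;
}

/* Consistent alternative (assumed policy): check the ticket's expiry
 * locally before building the request, and fall back to an unauthentic
 * notice whether the ticket file is missing or merely expired. */
enum client_action zwrite_consistent(int have_ticket_file, time_t expires, time_t now)
{
    if (!have_ticket_file || expires <= now)
        return SEND_UNAUTHENTIC;
    return SEND_AUTHENTIC;
}

/* Server side as described: a notice that claims authenticity is handed
 * to krb_rd_req (rd_req_ok models its "ok"/"not ok" answer); a failed
 * check downgrades to unauthentic unless an ACL demands authentication. */
enum server_verdict server_classify(int claims_authentic, int rd_req_ok, int acl_requires_auth)
{
    if (claims_authentic && rd_req_ok)
        return ACCEPT_AUTHENTIC;
    return acl_requires_auth ? REJECT : ACCEPT_UNAUTHENTIC;
}

int main(void)
{
    /* Constructed times: the ticket expired at t=1000, now is t=2000. */
    time_t expired = 1000, now = 2000;
    printf("no ticket file, old zwrite: %d (2 = refuse to send)\n",
           zwrite_as_described(0, 0, now));
    printf("expired ticket, old zwrite: %d (0 = sent as authentic)\n",
           zwrite_as_described(1, expired, now));
    printf("server, expired ticket, no ACL: %d (1 = unauthentic)\n",
           server_classify(1, 0, 0));
    return 0;
}
```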