[16603] in Athena Bugs

Re: sun4 8.2.9: telnet

daemon@ATHENA.MIT.EDU (Aaron M. Ucko)
Thu Jan 14 12:20:46 1999

To: Owen W Ozier <ooze@MIT.EDU>
Cc: bugs@MIT.EDU
From: amu@MIT.EDU (Aaron M. Ucko)
Date: 14 Jan 1999 12:20:42 -0500
In-Reply-To: Owen W Ozier's message of "Thu, 14 Jan 1999 10:29:54 EST"

Here's what's going on:

When you log in initially to an Athena workstation, it usually stores
a hash of the first eight characters of your Kerberos password so that 
you can use it to convince Kerberos-unaware programs running on that
workstation of your identity, and removes it when you log out.

Since Athena login software looks at those hashes (so it can deal with 
local users, etc.) it is therefore possible to log in to a machine as
another user logged in to that machine provided that you know the
first eight characters of that user's password and the machine allows
multiple simultaneous logins (true for the dialups but not standard
public workstations).

While logging in this way doesn't get you tickets for that user
directly, it *does* let you steal them, so the issue is more
significant than you might think.  I believe the dialup maintainers
are now looking into having the dialups no longer store hashed
password beginnings at all.

-- 
Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)
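
The prefix-only check described in the message above, as an added example that is not part of the original post and is not Athena's code. PBKDF2-SHA256, the function names and the sample passwords are assumptions made for illustration; the message does not say which hash was used. The probe at the end is a check for any verifier that may silently ignore trailing password characters.

```python
import hashlib
import hmac
import os

PREFIX_LEN = 8   # from the message: only the first eight characters are hashed
ROUNDS = 1_000   # kept low so the demo runs quickly; not a production setting

def _kdf(secret: str, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in (assumption); the message does not name the hash.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ROUNDS)

def store_truncated(password: str):
    """Model of the cached entry: salted hash of the first eight characters."""
    salt = os.urandom(16)
    return salt, _kdf(password[:PREFIX_LEN], salt)

def check_truncated(entry, attempt: str) -> bool:
    salt, digest = entry
    return hmac.compare_digest(_kdf(attempt[:PREFIX_LEN], salt), digest)

def store_full(password: str):
    """Comparison case: the whole password goes into the hash."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)

def check_full(entry, attempt: str) -> bool:
    salt, digest = entry
    return hmac.compare_digest(_kdf(attempt, salt), digest)

def significant_length(store, check, probe_len: int = 24):
    """Return how many leading characters the verifier examines,
    or None if every one of probe_len characters matters."""
    base = "A" * probe_len
    entry = store(base)
    for i in range(probe_len):
        altered = base[:i] + "B" + base[i + 1:]
        if check(entry, altered):   # changing position i went unnoticed
            return i
    return None

if __name__ == "__main__":
    # Constructed sample passwords sharing the same first eight characters.
    entry = store_truncated("correcthorsebattery")
    print("prefix-only accepts:", check_truncated(entry, "correcth-anything"))
    print("examined chars (truncated):", significant_length(store_truncated, check_truncated))
    print("examined chars (full):", significant_length(store_full, check_full))
```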
