[150] in Info-AFS_Redistribution
Re: authentication database vs. /etc/passwd ...
daemon@ATHENA.MIT.EDU (cball@bu-it.bu.edu)
Mon Jun 17 14:06:06 1991
To: nydick@psc.edu
Cc: cball@bu-it.bu.edu, Info-AFS@transarc.com, cball@bu-it.bu.edu
In-Reply-To: Your message of "Mon, 17 Jun 91 11:41:37 EDT."
Date: Mon, 17 Jun 91 13:10:23 -0400
From: cball@bu-it.bu.edu

What I want is to allow someone who has successfully logged in as a unix
user to set their kerberos password without negotiating with an account
administrator. It seems feasible to implement a mechanism which at least
requires a cracker to have the valid password. I would be equally happy
with a mechanism which allows existing users to create their own kerberos
entry and subsequently request AFS resources...

This seems preferable to the provided alternative in "USS add" which
simply defaults to setting a user's password to a known string. While
this is OK (just OK) in a departmental system, something better is needed
for shared systems. Negotiating new passwords whether over the phone or
in person is problematic with a user community of any size.

Finally, consider the exposure. The resource at risk here is just
kerberos authentication as a pre-existing user. If a cracker can spoof
them on the existing system, (s)he already has access! Assuming that the
real user expects to be getting a kerberos account and (subsequently?) an
AFS volume, it would seem that abuse would be quickly exposed even if
the perpetrator could not be caught.

-Charles