[131] in Kerberos


Re: Authentication forwarding

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:32:06 1987

From miller%erlang.DEC@decwrl.DEC.COM  Sat Oct 25 08:20:20 1986
Date: 23-Oct-1986 1004
From: miller%erlang.DEC@decwrl.DEC.COM  (Steve Miller)
To: kerberos@athena.mit.edu, srz@athena.mit.edu  (Distribution list @KERB),
        miller%erlang.DEC@decwrl.DEC.COM
Subject: Re: Authentication forwarding

It could work similarly to the manner in which rcmd works.  That is, starting
at host A, you request a ticket from Kerberos to talk to the forwarding
service on host B.  The forwarding server is akin to the rcmd stuff.  Then
you make a standard authenticated request (mk_ap_req) to the forwarding
service on host B.  Thus A and B now share a session key.  Then, from A,
you ask Kerberos for another ticket-granting-ticket, but as if you were
from host B (or this could be done earlier).  Kerberos replies with that
ticket, but to the requesting host A.  Then host A, using the session key
just set up with the forwarding service, securely (mk_private_msg or
mk_safe_msg) transfers that new ticket to host B.  Host B installs the
ticket in a ticket file, as if it had originated there.

The forwarding service could even just be an extension to the "rcmd"
suite.  All it does is receive and store forwarded tickets.

As was pointed out, this is ok if Host B is a trusted time-sharing
service.  Otherwise, it is as if you walked away from your workstation in
the middle of a session without destroying your tickets.  Any other
user of that workstation, given root access, could use your tickets for
up to about a day, when they expire.

 Steve.
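The exchange Steve sketches above, as an added toy model that is not part of the original message and not Kerberos source. It assumes a principal name "fwd/B" for the forwarding service on host B, "krbtgt" for the ticket-granting service, and stand-in seal/open_ routines (HMAC-based encrypt-then-MAC) in place of mk_private_msg; the session keys, addresses and lifetimes are constructed for the run. The point it shows is the two-ticket structure: A's ticket to fwd/B establishes the A-B session key, and the second TGT, issued to A but addressed to B, rides to B under that key and lands in B's ticket file.

```python
# Toy model (constructed example, not Kerberos code) of the ticket-forwarding
# exchange: A authenticates to the forwarding service on B, asks the KDC for a
# second TGT "as if from B", and ships it to B inside a private message.
import hashlib
import hmac
import json
import os
import time

DAY = 24 * 3600


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for mk_private_msg's
    # cipher so the example runs with the standard library only.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under key (models mk_private_msg)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> dict:
    """Verify the MAC and decrypt; raises ValueError if the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Minimal ticket issuer holding one long-term key per principal."""

    def __init__(self):
        self.keys = {}

    def register(self, principal: str) -> bytes:
        self.keys[principal] = os.urandom(32)
        return self.keys[principal]

    def issue(self, client: str, service: str, addr: str, lifetime: int = DAY):
        # Ticket sealed under the service key: client, valid-from address,
        # session key and expiry.  The session key is also returned to the
        # requester, whatever host it sits on (this is the "reply to A" step).
        skey = os.urandom(32)
        ticket = seal(self.keys[service], {"client": client, "service": service,
                                           "addr": addr, "skey": skey.hex(),
                                           "expires": int(time.time()) + lifetime})
        return ticket, skey


class Host:
    def __init__(self, name: str, service_key=None):
        self.name = name
        self.service_key = service_key   # key of the forwarding service, if hosted here
        self.ticket_file = []            # tickets usable from this host

    def mk_ap_req(self, ticket: bytes, skey: bytes) -> tuple:
        return ticket, seal(skey, {"from": self.name, "ts": int(time.time())})

    def rd_ap_req(self, ticket: bytes, authenticator: bytes) -> bytes:
        """Forwarding-server side: validate ticket + authenticator, return session key."""
        t = open_(self.service_key, ticket)
        skey = bytes.fromhex(t["skey"])
        auth = open_(skey, authenticator)
        if t["expires"] < time.time() or abs(auth["ts"] - time.time()) > 300:
            raise ValueError("expired ticket or stale authenticator")
        if auth["from"] != t["addr"]:
            raise ValueError("request did not come from the ticket's address")
        return skey

    def install_forwarded(self, skey: bytes, private_msg: bytes) -> dict:
        """Host B: unwrap the forwarded TGT and file it as if issued here."""
        entry = open_(skey, private_msg)
        self.ticket_file.append(entry)
        return entry


def forward_tgt(user: str = "jon") -> tuple:
    """Run the whole exchange; returns (host B, B's new ticket-file entry, A<->B key)."""
    kdc = KDC()
    a, b = Host("A"), Host("B", service_key=kdc.register("fwd/B"))
    kdc.register("krbtgt")
    t1, sk1 = kdc.issue(user, "fwd/B", addr="A")          # 1. ticket for fwd/B, from A
    shared = b.rd_ap_req(*a.mk_ap_req(t1, sk1))           # 2. mk_ap_req: A and B share sk1
    assert shared == sk1
    tgt, sk2 = kdc.issue(user, "krbtgt", addr="B")        # 3. TGT addressed to B, sent to A
    msg = seal(sk1, {"ticket": tgt.hex(), "skey": sk2.hex(), "addr": "B"})
    return b, b.install_forwarded(sk1, msg), sk1          # 4. B files it as its own


if __name__ == "__main__":
    host_b, entry, _ = forward_tgt()
    print("B's ticket file:", len(host_b.ticket_file), "entry, valid from", entry["addr"])
```

Note that nothing in the exchange protects the entry once it sits in B's ticket_file: the model reproduces Steve's caveat exactly, since anyone with root on B can read the stored ticket and session key for as long as the ticket's lifetime allows.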

