[247] in Kerberos
re: get_ad_tkt
daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Sun Nov 1 23:30:49 1987
To: tytso@ATHENA.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU, tytso@ATHENA.MIT.EDU
In-Reply-To: tytso@ATHENA.MIT.EDU's message of Sun, 1 Nov 87 23:12:34 EST
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> It should probably check to make sure that the ticket that it
> got back from kerberos matches what it asked for by checking the
> returned service name/instance strings. After all, get_ad_tkt can't be
> *sure* that it is talking to kerberos, so it should be as paranoid as
> possible.

It should check, but primarily for human engineering, rather than
paranoia. If the Kerberos is bogus, no service will accept the
ticket anyway, so the client's data is safe. (In some relaxed
protocols the client may include some data in the same packet with
the ticket, but presumably a protocol would do that only if it
weren't paranoid about that particular data.) But if something is
just accidentally screwed up, the earlier the problem is discovered,
the easier it is to diagnose and get started untangling the mess.
Jerry
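
The check discussed in this thread, as an added example that is not part of either message or of the Kerberos source: it compares the service name/instance strings found in a reply with the ones requested, and returns a distinct code per failure so an accidental mix-up is diagnosed early. The reply layout (two NUL-terminated strings), `FIELD_MAX`, the function names and the result codes are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 40  /* assumed field size limit, including the NUL */

/* Hypothetical result codes: one per failure, so a mix-up is easy to diagnose. */
enum tkt_check { TKT_OK, TKT_MALFORMED, TKT_BAD_SERVICE, TKT_BAD_INSTANCE };

/* Copy the NUL-terminated field at reply[*off] into out; -1 if it does not fit. */
static int next_field(const unsigned char *reply, size_t len, size_t *off,
                      char out[FIELD_MAX])
{
    const unsigned char *end;
    size_t n;
    if (*off >= len)
        return -1;
    end = memchr(reply + *off, '\0', len - *off);
    if (end == NULL)
        return -1;                       /* field runs past the reply */
    n = (size_t)(end - (reply + *off));
    if (n >= FIELD_MAX)
        return -1;                       /* longer than any valid name */
    memcpy(out, reply + *off, n + 1);
    *off += n + 1;
    return 0;
}

/* Compare the service name/instance in a decrypted reply with the request. */
enum tkt_check check_reply(const unsigned char *reply, size_t len,
                           const char *service, const char *instance)
{
    char name[FIELD_MAX], inst[FIELD_MAX];
    size_t off = 0;
    if (next_field(reply, len, &off, name) || next_field(reply, len, &off, inst))
        return TKT_MALFORMED;
    if (strcmp(name, service) != 0)
        return TKT_BAD_SERVICE;
    if (strcmp(inst, instance) != 0)
        return TKT_BAD_INSTANCE;
    return TKT_OK;
}

int main(void)
{
    /* Constructed reply: service "rcmd", instance "priam". */
    static const unsigned char reply[] = "rcmd\0priam";
    printf("%d\n", check_reply(reply, sizeof reply, "rlogin", "priam"));
    return 0;
}
```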