[253] in Kerberos
Re: an_to_ln
daemon@TELECOM.MIT.EDU (raeburn@ATHENA.MIT.EDU)
Fri Nov 13 22:34:59 1987
From: raeburn@ATHENA.MIT.EDU
To: srz@MELANGE.LCS.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Stan Zanarotti's message of Fri, 13 Nov 87 16:00:59 EST <8711132100.AA06250@melange.LCS.MIT.EDU>
It sounds good, but the krb_alias program, as implemented (if I
remember it right), would permit denial of service of a sort.
Consider this scenario:
I log in to Charon.
I run "krb_alias" with the appropriate arguments to map
"jon@ATHENA.MIT.EDU" to "raeburn".
Jon can no longer log in to his own account on Charon.
(Guess who I was just discussing this with?)
You would probably have to present tickets for <aname> to be mapped,
as well as tickets for the target <lname> (or someone who can get mapped
to it) in order to establish the mapping. A simple implementation
could ask for the password of the <aname> while logged in as <lname>
(which assumes that authentication and authorization have already been
established).
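The authorization gap raeburn describes, modelled as a small added example (this is not code from the thread or from krb_alias; the class, function and field names are hypothetical): an aname-to-lname alias table with the weak rule, where anyone logged in as the target lname may map any aname onto it, beside the rule he proposes, where the caller must hold tickets both for the aname being mapped and for a principal that already resolves to the target lname.

```python
"""Added example (not from the original mailing-list thread): a toy model of
an aname -> lname alias table.  `unchecked_alias` reproduces the rule raeburn
objects to; `checked_alias` applies the remedy in his message.  All names here
are hypothetical; nothing is taken from the real krb_alias program."""
from dataclasses import dataclass, field


@dataclass
class Credentials:
    """Stands in for the Kerberos tickets a caller holds: the set of <aname>
    principals the caller has proven to be."""
    principals: frozenset


@dataclass
class AliasTable:
    # aname -> lname mappings; each aname resolves to at most one local name
    mapping: dict = field(default_factory=dict)

    def an_to_ln(self, aname: str) -> str:
        """Resolve an aname to a local name.  With no alias recorded, the
        default rule maps the user part of the principal to itself."""
        if aname in self.mapping:
            return self.mapping[aname]
        return aname.split("@", 1)[0]

    def unchecked_alias(self, caller_lname: str, aname: str, lname: str) -> None:
        """Weak rule: whoever is logged in as `lname` may map ANY aname onto it.
        Nothing proves the caller controls `aname`, so the caller can capture
        someone else's principal and lock that person out of their own account."""
        if caller_lname != lname:
            raise PermissionError("must be logged in as the target lname")
        self.mapping[aname] = lname

    def checked_alias(self, creds: Credentials, aname: str, lname: str) -> None:
        """Hardened rule: the caller must present tickets for the aname being
        mapped AND for some principal that already resolves to the target lname."""
        if aname not in creds.principals:
            raise PermissionError(f"no credentials for {aname}")
        if not any(self.an_to_ln(p) == lname for p in creds.principals):
            raise PermissionError(f"no credentials for a principal mapped to {lname}")
        self.mapping[aname] = lname


def demo():
    """Constructed scenario from the message: raeburn, logged in as 'raeburn',
    tries to map jon's principal onto his own account.  Returns what jon's
    principal resolves to under the weak rule, and whether the hardened rule
    refuses the same request."""
    weak = AliasTable()
    weak.unchecked_alias("raeburn", "jon@ATHENA.MIT.EDU", "raeburn")
    hijacked = weak.an_to_ln("jon@ATHENA.MIT.EDU")   # "raeburn": jon is locked out

    hardened = AliasTable()
    raeburn_only = Credentials(frozenset({"raeburn@ATHENA.MIT.EDU"}))
    try:
        hardened.checked_alias(raeburn_only, "jon@ATHENA.MIT.EDU", "raeburn")
        refused = False
    except PermissionError:
        refused = True   # no ticket for jon@ATHENA.MIT.EDU, so the mapping is denied
    return hijacked, refused


if __name__ == "__main__":
    print(demo())
```

The second check in `checked_alias` is what covers the "or someone who can get mapped to it" clause: holding a ticket for `raeburn@ATHENA.MIT.EDU` suffices to prove the target `raeburn`, because the default resolution rule already maps that principal there. A legitimate request, where the caller holds tickets for both `jon@ATHENA.MIT.EDU` and `raeburn@ATHENA.MIT.EDU`, still goes through.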