[255] in Kerberos
Re: an_to_ln
daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Sat Nov 14 01:04:45 1987
To: Bill Sommerfeld <wesommer@ATHENA.MIT.EDU>
Cc: wesommer@ATHENA.MIT.EDU, raeburn@ATHENA.MIT.EDU, srz@ATHENA.MIT.EDU,
In-Reply-To: Bill Sommerfeld <wesommer@ATHENA.MIT.EDU>'s message of Sat, 14 Nov 87 00:06:08 EST
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>

> Jon tries to log into his account; finds that it fails ("jon
> has not given permission for jon@ATHENA.MIT.EDU to log in").
> Jon runs "rkrb_alias" to find out what he maps into, deletes
> the mapping, (falling back to the old one, of course), and starts
> winning again.

The only problem with this scenario is that an ordinary mortal who
has been victim of this hack is very unlikely to figure out what has
happened. Even after he or she finds an authentication wizard to
explain mapping, it is unlikely the victim will carry away warm
feelings toward Kerberos.
Do we really need this kind of mapping?

Jerry