[256] in Kerberos

Re: an_to_ln

daemon@TELECOM.MIT.EDU (raeburn@ATHENA.MIT.EDU)
Sat Nov 14 01:43:19 1987

From: raeburn@ATHENA.MIT.EDU
To: Saltzer@ATHENA.MIT.EDU
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Jerome H. Saltzer's message of Sat, 14 Nov 87 01:03:41 EST <8711140603.AA02985@HERACLES.MIT.EDU>


If the user (Jon) does figure out that he has been logged into my
account, it may not be possible for him to delete the mapping.
Consider a .cshrc which says "exec myhack", which only allows escape
to a shell with a magic password.  It could also fake a failed login
attempt.

Actually, where Bill mentions that Jon would get "jon has not given
permission ....", I had been assuming that the mapping was automatic
and it would be logging him into my account -- I forgot for the moment
that the username requested on the opposite end is specified elsewhere
in that particular protocol, so that what I suggest for rlogin would
not work.  For protocols that depend wholly on Kerberos for
authentication, however, this would not provide a way out.

It would be very difficult to deal with inter-realm activities that
require usernames without some sort of mapping from
Kerberos-authenticated entity to user.  All that is needed is the
proper caution in permitting the mappings to be set up.
