[304] in Kerberos
Authentication on remote machines
daemon@TELECOM.MIT.EDU (Jeffrey I. Schiller)
Thu Jan 28 19:49:44 1988
From: Jeffrey I. Schiller <jis@BITSY.MIT.EDU>
To: srz@ATHENA.MIT.EDU
Cc: treese@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU
In-Reply-To: <srz@ATHENA.MIT.EDU>'s message of Wed, 27 Jan 88 19:14:35 EST <8801280014.AA01330@CHARON.MIT.EDU>

    From: <srz@ATHENA.MIT.EDU>
    Date: Wed, 27 Jan 88 19:14:35 EST

    Why not do it right, and not require the password to be typed at
    all? The local machine could request tickets, which could be sent
    over encrypted to the remote machine. This would require a change
    to kerberos, so that one machine can request tickets that would
    be good for another machine. Of course, the lifetime couldn't
    exceed the lifetime of the original tickets.

    -stan

I like Win's suggestion. I do not like this one. The problem I
see is that it would allow someone who walked up to your workstation
to propagate a TGT for you to some other machine.

Example: User "B" is logged in to server "S".
User "A" leaves his terminal unattended for a moment.
User "B" walks up to "A"'s workstation and uses "rlogin" to
get to "S". He then copies the tkt file created on "S" to another
location and sets it to be publicly readable. He then grabs it from his
session on "S" and now is in possession of a valid TGT for host "S" for
user "A".

Win's approach does not suffer from this problem.

-Jeff

P.S. This issue has come up and been debated before. ALL: Please check
the archives of the "kerberos" mailing list for the old discussion.