[39454] in Kerberos
Re: Why do "strict acceptor checking"?
daemon@ATHENA.MIT.EDU (Roland C. Dowdeswell)
Tue Oct 8 05:58:15 2024
Date: Tue, 8 Oct 2024 10:50:36 +0100
From: "Roland C. Dowdeswell" <elric@imrryr.org>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: kerberos@mit.edu
Message-ID: <6eex7zf7qp5sid5z6kzeqg762fs5acmo3jz7lbiwinmapayyy3@4sr7binjgjrq>
In-Reply-To: <202410080023.4980NSGB010697@hedwig.cmf.nrl.navy.mil>
On Mon, Oct 07, 2024 at 08:23:28PM -0400, Ken Hornstein via Kerberos wrote:
>
> However, this has made me wonder: why do this at all? What is the
> possible security gain here? It's not the default in the code; you have
> to explicitly write code to enable this behavior. But I can't really
> think of a case where NOT having strict acceptor checking is a security
> problem; I could maybe squint and envision some kind of weird hosted
> server setup where it might matter, but I'm not sure that is ever done
> in the real world. I will admit it is entirely possible I am missing
> something; if I am, I'd sure like to understand what I am missing.
I have always operated under the theory that one should make sure that
the keytab accepts exactly the set of principals that are required.
This is something that is under the ultimate control of the system
administrator. When an application turns on strict acceptor checking,
they remove this configurability from the system administrator which I
think makes the system much less flexible.
--
Roland C. Dowdeswell https://Imrryr.ORG/
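
The administrator-side control described in the reply above, as an added example that is not part of the original message: a check that a keytab holds exactly the service principals a host is meant to accept, based on `klist -k` output. The keytab listing, host names and required set are constructed sample values.

```python
import re

# Constructed sample of `klist -k` output (MIT krb5 layout); not from the thread.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/www.example.com@EXAMPLE.COM
   2 host/www.example.com@EXAMPLE.COM
   3 HTTP/www.example.com@EXAMPLE.COM
   1 HTTP/old-alias.example.com@EXAMPLE.COM
"""

# Hypothetical policy: the principals this host is supposed to accept.
REQUIRED = {
    "host/www.example.com@EXAMPLE.COM",
    "HTTP/www.example.com@EXAMPLE.COM",
    "imap/www.example.com@EXAMPLE.COM",
}

ENTRY = re.compile(r"^\s*(\d+)\s+(.*)$")  # "<kvno> <rest of line>"


def keytab_principals(klist_output):
    """Return {principal: set of KVNOs} parsed from `klist -k` text."""
    # The first token containing '@' is the principal, so the extra
    # -t (timestamp) and -e (enctype) columns are tolerated.
    found = {}
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or blank line
        name = next((tok for tok in m.group(2).split() if "@" in tok), None)
        if name:
            found.setdefault(name, set()).add(int(m.group(1)))
    return found


def audit(klist_output, required):
    """Compare the keytab's principals with the required acceptor set."""
    present = set(keytab_principals(klist_output))
    return {
        "unexpected": sorted(present - required),  # key present, not wanted
        "missing": sorted(required - present),     # wanted, no key present
    }


if __name__ == "__main__":
    print(audit(SAMPLE_KLIST, REQUIRED))
```
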