[6586] in Kerberos
Re: Authentication Only ?
daemon@ATHENA.MIT.EDU (Michael Grubb)
Sat Feb 3 14:54:59 1996
To: kerberos@MIT.EDU
Date: 3 Feb 1996 11:42:55 -0500
From: mg@ac.duke.edu (Michael Grubb)
In article <199602021943.NAA12264@ux6.cso.uiuc.edu>,
Jon Roma <roma@uiuc.edu> wrote:
>Several other "solutions" have been proposed that involve Web authenticators
>that accept a Kerberos principal and password, but they share the unhappy
>characteristic of transmitting the client's Kerberos password in the clear
>over a possibly insecure network where it is processed by a possibly
>untrustworthy or insecure client.
This seems to be two, possibly separable, problems. You can avoid sending
passwords over the network in the clear by encrypting the transaction, such
as with SSL or S-HTTP. However, without client-side modification there is
no way to get around the problem of supplying your password to a possibly
untrustworthy or insecure web server.
> This defeats the principle that only you and your trusted kinit program
> ever see your cleartext password.
Depending on your environment, the user community may be willing to
trust a single, trustworthy web authentication service managed by the
same people managing the KDC. Your user community may have no more reason
to trust the kinit or login you supply them (they may be binary-only
distributions, or the users may not be sophisticated enough to read the
source in almost all cases) than they do any other authentication service
you set up. At the same time, the demand for web-based authentication
can be overwhelming.
-- M.
--
Michael Grubb <mg@oit.duke.edu> "not qualified to appear in public"
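A minimal model of the arrangement Grubb describes, added here as an example and not code from the original post or from any Kerberos implementation: the password travels (over an assumed-encrypted channel) only to one web authentication service run by the same people who run the KDC, that service alone checks it, and every other web server sees nothing but a short-lived, HMAC-signed session token. Everything below is an assumption for illustration: the in-memory `PRINCIPALS` table of salted PBKDF2 hashes stands in for the KDC's principal database (a real KDC uses its own string-to-key functions), the token format is invented, and the principal names and passwords are constructed test data.

```python
"""Trusted web-authentication service model (added example, not from the post).

Two roles: WebAuthService (trusted, co-managed with the KDC) and a relying
web server that only calls verify_token(). The relying server never holds
password material, which is the separation the discussion is about.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

PBKDF2_ROUNDS = 100_000


def _make_record(password, salt=None):
    """Constructed stand-in for a KDC principal entry: (salt, pbkdf2 hash)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


# Constructed test data; not real principals or passwords.
PRINCIPALS = {
    "jroma@EXAMPLE.EDU": _make_record("correct horse"),
    "mg@EXAMPLE.EDU": _make_record("battery staple"),
}


def mint_token(key, principal, expires):
    """Session token = urlsafe-base64(JSON body) '.' hex(HMAC-SHA256 over body)."""
    body = json.dumps({"p": principal, "exp": int(expires), "n": secrets.token_hex(8)},
                      separators=(",", ":")).encode()
    b64 = base64.urlsafe_b64encode(body).decode()
    mac = hmac.new(key, b64.encode(), "sha256").hexdigest()
    return f"{b64}.{mac}"


def verify_token(key, token, now=None):
    """Relying web server side: returns the principal, or None if the token is
    malformed, forged, signed with a different key, or expired."""
    try:
        b64, mac = token.rsplit(".", 1)
    except ValueError:
        return None
    expect = hmac.new(key, b64.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(mac, expect):   # constant-time comparison
        return None
    try:
        body = json.loads(base64.urlsafe_b64decode(b64))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if body.get("exp", 0) <= now:
        return None
    return body.get("p")


class WebAuthService:
    """The single trusted service that is allowed to see cleartext passwords."""

    def __init__(self, cookie_key, principals, lifetime=8 * 3600):
        self.cookie_key = cookie_key
        self.principals = principals
        self.lifetime = lifetime

    def check_password(self, principal, password):
        rec = self.principals.get(principal)
        if rec is None:
            # Burn the same work for unknown principals so response time does
            # not reveal whether the principal exists.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
            return False
        salt, digest = rec
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(cand, digest)

    def login(self, principal, password, now=None):
        """Returns a session token on success, None on failure. This is the
        only code path that ever touches the password."""
        if not self.check_password(principal, password):
            return None
        now = time.time() if now is None else now
        return mint_token(self.cookie_key, principal, now + self.lifetime)


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # shared only between auth service and web servers
    svc = WebAuthService(key, PRINCIPALS)
    tok = svc.login("jroma@EXAMPLE.EDU", "correct horse")
    print("web server sees principal:", verify_token(key, tok))
    print("bad password ->", svc.login("jroma@EXAMPLE.EDU", "nope"))
```

Note what this does and does not solve, in the terms of the post: the channel encryption (SSL or S-HTTP) is assumed and not shown, and the user still has to hand the password to the authentication service, so the design only narrows the trust to that one host rather than removing it.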