[6596] in Kerberos
Re: Authentication Only ?
daemon@ATHENA.MIT.EDU (Jon Roma)
Sun Feb 4 18:56:15 1996
To: kerberos@MIT.EDU
Date: Sun, 04 Feb 1996 17:35:51 -0600
From: Jon Roma <roma@uiuc.edu>

Jonathan Kamens wrote:
>In article <4f03af$aes@news.duke.edu>, mg@ac.duke.edu (Michael Grubb) writes:
>|> Depending on your environment, the user community may be willing to
>|> trust a single, trustworthy web authentication service managed by the
>|> same people managing the KDC.
>Trusting the web authentication service isn't the problem. Trusting all the
>people who can put snoopers on the wire and capture your password as you're
>sending it *to* the web authentication service is the problem.

Exactly!

And a further issue is trusting the web authentication service itself. It's
all well and good for the service to be managed by the same trustworthy
people managing the KDC, as Michael suggests. But how does the innocent
(and naive) web user know to whom he's giving his Kerberos password? What's
to prevent a student in a residence hall from putting up an authentication
service with a dialog mimicking that from the trusted web authentication
service, then collecting the passwords for nefarious purposes?

It's easier to tell people NOT to give their passwords to anyone other than
kinit than it is to expect them to be able to make an intelligent decision
about which hosts and nets they can and cannot trust. Part of the functionality
inherent in Kerberos is to do secure authentication without having the clear
passwords visible to potential interceptors; I'm not particularly willing to
give up this security in the interest of convenient Web access.