[7572] in Kerberos

Question about the security of forwarded TGTs

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Jul 2 09:18:58 1996

To: kerberos@MIT.EDU
Date: 1 Jul 1996 23:25:19 -0400
From: kenh@cmf.nrl.navy.mil (Ken Hornstein)

Forgive me if this is a silly question; I must admit that I sometimes can't
follow all of the Kerberos code.

I'm adding Kerberos authentication to an application, and I need to forward
a ticket-granting ticket.  Fine, no problem; Kerberos 5 supports this.  I'm
using MIT Kerberos 5 beta 6.

Both the Kerberos rlogin and Kerberos telnet distributed with the MIT Kerberos
5 distribution use krb5_fwd_tgt_creds to create the magic that gets forwarded
to the remote system.  This is easy enough to duplicate in my own code, and
I've done this with no problem.

However, I'm wondering exactly how this TGT is protected.  I know that when
you get your initial TGT, it's encrypted with your password.  But what
protects the TGT when it's forwarded to the remote system?  It looks like
it might be encrypted using the secret key of whatever server you're going
to send the TGT to.  Is that the case?

Again, forgive me if this is a silly question; I just want to make sure I'm
not doing something horribly insecure by mistake :-)

--Ken
