[7575] in Kerberos
Re: Question about the security of forwarded TGTs
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jul 2 14:41:33 1996
To: kenh@cmf.nrl.navy.mil (Ken Hornstein)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 02 Jul 1996 14:15:19 -0400
In-Reply-To: kenh@cmf.nrl.navy.mil's message of 1 Jul 1996 23:25:19 -0400
>>>>> "Ken" == Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
Ken> I'm adding Kerberos authentication to an application, and I
Ken> need to forward a ticket-granting ticket. Fine, no problem;
Ken> Kerberos 5 supports this. I'm using MIT Kerberos 5 beta 6.

If you aren't doing something like telnetd or klogind, you
might consider using proxyable tickets instead of forwardable
tickets. This way, you only give away the tickets that the remote
service uses. Be aware that proxyable tickets aren't really used by
much (although they are a useful service sometimes), so you may have
some debugging. Just a thought.

Ken> Both the Kerberos rlogin and Kerberos telnet distributed with
Ken> the MIT Kerberos 5 distribution use krb5_fwd_tgt_creds to
Ken> create the magic that gets forwarded to the remote system.
Ken> This is easy enough to duplicate in my own code, and I've
Ken> done this with no problem.
Ken> However, I'm wondering exactly how this TGT is protected. I
Ken> know that when you get your initial TGT, it's encrypted with
Ken> your password. But what protects the TGT when it's forwarded
Ken> to the remote system? It looks like it might be encrypted
Ken> using the secret key of whatever server you're going to send
Ken> the TGT to. Is that the case?

As a general rule, transmitting tickets unencrypted over the
network is perfectly reasonable. It is the session key associated
with the ticket that needs to be protected. It looks like
krb5_mk_ncred, the function used to prepare the credentials to be
transmitted over the network, encrypts enough of the credentials that
they are safe. It uses either the subkey present in the authcontext
if a subkey was established by krb5_mk_req, or it uses the session
key from the ticket for the remote server.

One issue you should consider in any forwarded application is
mutual authentication. Kerberos provides you with a mechanism to know
what remote principal you are talking to using the mutual
authentication options. However, as a user-interface issue it is
important to make sure that you are actually talking to the principal
that the user intended to talk to before forwarding credentials.
Remember that services like DNS are not particularly secure.

Ken> Again, forgive me if this is a silly question; I just want to
Ken> make sure I'm not doing something horribly insecure by
Ken> mistake :-)
Ken> --Ken
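
The reply's point that a ticket can cross the network in the clear while its session key must be encrypted, as an added example that is not part of the original message and is not MIT Kerberos code: a simplified Python model of a forwarded-credentials message. The cipher is a toy stand-in for a Kerberos encryption type, and every function name, key and principal here is constructed for illustration.

```python
import hashlib, hmac, json, os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); NOT a Kerberos enctype.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for Kerberos EncryptedData."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("integrity check failed: wrong key or altered message")
    return _xor_stream(key, nonce, ct)

def make_forwarded_cred(ticket, tgt_session_key, protecting_key):
    """Simplified KRB-CRED: ticket travels as-is, its session key is sealed."""
    info = json.dumps({"key": tgt_session_key.hex()}).encode()
    return {"ticket": ticket, "enc_part": seal(protecting_key, info)}

def read_forwarded_cred(msg, protecting_key):
    info = json.loads(unseal(protecting_key, msg["enc_part"]))
    return msg["ticket"], bytes.fromhex(info["key"])

def demo():
    # All keys and names below are constructed sample values.
    krbtgt_key = os.urandom(32)       # known only to the KDC
    tgt_session_key = os.urandom(32)  # needed to make any use of the TGT
    subkey = os.urandom(32)           # agreed between client and remote service
    # The ticket is already opaque: the KDC sealed it under its own key.
    ticket = seal(krbtgt_key, json.dumps(
        {"client": "user@EXAMPLE.COM", "key": tgt_session_key.hex()}).encode())
    msg = make_forwarded_cred(ticket, tgt_session_key, subkey)
    got_ticket, got_key = read_forwarded_cred(msg, subkey)  # remote service
    try:  # an observer without the subkey cannot open the encrypted part
        read_forwarded_cred(msg, os.urandom(32))
        eavesdropper_failed = False
    except ValueError:
        eavesdropper_failed = True
    return got_ticket == ticket, got_key == tgt_session_key, eavesdropper_failed
```

Calling demo() returns three booleans: the service recovered the ticket unchanged, it recovered the session key, and a party holding a different key was rejected.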