[7679] in Kerberos
Linux or Vb6 hole?
daemon@ATHENA.MIT.EDU (Albert 'Gus' Massey (x-2845))
Fri Jul 26 09:42:54 1996
Date: Fri, 26 Jul 1996 09:36:07 -0400 (EDT)
From: "Albert 'Gus' Massey (x-2845)" <amassey@nastg.gsfc.nasa.gov>
To: kerberos@MIT.EDU
Kerberos folks,
We have playing with Kerberos V Beta 6 on Linux 1.2.13 PCs and discovered
a possible hole. The following explains -
--- 1 --- First login to ntg02 as root and kinit as mere user amassey
Welcome to Linux 1.2.13.
ntg02 login: root
Password:
Linux 1.2.13. (POSIX).
ntg02:~# klist
klist: No credentials cache file found while setting cache flags (ticket cache /tmp/krb5cc_0)
ntg02:~# kinit amassey
Password for amassey@CSC.NTG:
ntg02:~# klist
Ticket cache: /tmp/krb5cc_0
Default principal: amassey@CSC.NTG
Valid starting Expires Service principal
23 Jul 96 16:50:06 24 Jul 96 02:50:03 krbtgt/CSC.NTG@CSC.NTG
--- 2 --- Next telnet over to ntg03
ntg02:~# telnet -x ntg03
Trying 10.0.20.112...
Connected to ntg03.gsfc.nasa.gov.
Escape character is '^]'.
[ Kerberos V5 accepts you as ``amassey@CSC.NTG'' ]
Last login: Mon Jul 22 09:53:55 on tty1
Linux 1.2.13. (POSIX).
You have new mail.
--- 3 --- check what's active, noting pid 1338
ntg03:~# ps -a
PID TTY STAT TIME COMMAND
57 v02 S 0:00 /sbin/agetty 38400 tty2
58 v03 S 0:00 /sbin/agetty 38400 tty3
59 v04 S 0:00 /sbin/agetty 38400 tty4
60 v05 S 0:00 /sbin/agetty 38400 tty5
61 v06 S 0:00 /sbin/agetty 38400 tty6
654 v01 S 0:00 /sbin/agetty 38400 tty1
1338 pp0 S 0:00 login -h 10.0.20.111 -p -F root
1339 pp0 S 0:00 -bash
1351 pp0 R 0:00 ps -a
ntg03:~# who
root ttyp0 Jul 23 16:51 (10.0.20.111)
--- 4 --- exit off ntg03 - return to ntg02
ntg03:~# exitConnection closed by foreign host.
ntg02:~# klist
Ticket cache: /tmp/krb5cc_0
Default principal: amassey@CSC.NTG
Valid starting Expires Service principal
23 Jul 96 16:50:06 24 Jul 96 02:50:03 krbtgt/CSC.NTG@CSC.NTG
23 Jul 96 16:51:20 24 Jul 96 02:50:03 host/ntg03.sdf.csc.com@CSC.NTG
ntg02:~#
==================
What happened? Did we mess up on Linux, or forget someting important on
the Kerberos V setup?
Thanks ......
----------------------------->>>>>>>>>><<<<<<<<<<-----------------------------
Gus Massey Phone: 301-794-2523
Computer Sciences Corporation Fax: 301-794-9530
Systems Sciences Division
7700 Hubble Drive email: Albert.Massey@gsfc.nasa.gov
Seabrook, MD 20706 amassey@csc.com
----------------------------->>>>>>>>>><<<<<<<<<<-----------------------------
