[97] in Kerberos


Re: knetd

jon@ATHENA.MIT.EDU (jon@ATHENA.MIT.EDU)
Sun Aug 9 21:26:04 1987

From jtkohl@ATHENA.MIT.EDU  Thu Sep 18 17:06:26 1986
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Date: Thu, 18 Sep 86 17:04:18 EDT
To: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
Cc: kerberos@athena.mit.edu
In-Reply-To: Jerome H. Saltzer's message of Thu, 18 Sep 86 16:54:11 EDT
Subject: Re: knetd
Us-Snail: Room A303, 4 Ames St, Cambridge, MA
Zip-Code: 02142-1306

Maybe I'm just paranoid, but I don't trust the security of such a table.
It is just asking for impersonation.

Consider someone who breaks root on a server machine.  He can then
impersonate whomever he chooses by writing to the table appropriately.

If there is no such table, he cannot authenticate himself to kerberos
and impersonate someone without other breaches.

John






