[1943] in Kerberos


Re: Change Passwords - Literature ?

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Wed May 27 22:17:03 1992

Date: Wed, 27 May 92 21:57:21 -0400
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: ralf@eecg.toronto.edu
Cc: kerberos@Athena.MIT.EDU
In-Reply-To: Ralf Hauser's message of 26 May 92 18:21:53 GMT,
Reply-To: tytso@Athena.MIT.EDU

   Date: 26 May 92 18:21:53 GMT
   From: ralf@eecg.toronto.edu (Ralf Hauser)
   Sender: owner-comp-protocols-kerberos@shelby.Stanford.EDU

   During my research on password security and authentication,
   I started to wonder why there is so much work done on
   initial authentication of a principal to a terminal/workstation, but
   almost nothing about the in my opinion as sensitive change
   of passwords:

    - as far as I understand passwd sends the passwords in
      clear over the communications link

Well, no.  The kerberos client kpasswd, which changes the password
stored in the Kerberos KDC, sends the password encrypted in a
krb_mk_priv message.

The kerberos admin server which we are using internally has a password
dictionary (as well as some other password heuristics) built into it,
and will reject a password change if the new password contains an easily
guessable password.

    - as the /etc/passwd file doesn't remember old passwords,
      how would a protocol even encrypting the passwd 
      messages react if an intruder intercepts either the
      change request or the acknowledgement from the
   authentication server as to prevent the occurrence of
      inconsistent data between the user and as ?

Kerberos passwords and what's stored in /etc/passwd generally aren't
related, unless you are running a specially hacked version of login
which forces the /etc/passwd to be in track with your kerberos password.

If the attacker prevents the change request from reaching the KDC, then
the kpasswd program won't receive the acknowledgement from the KDC.  Since
the acknowledgement from the KDC is also sent in a krb_mk_priv message
(that is to say it is encrypted in a private session key known), the
attacker wouldn't be able to fake the ack.

So the attacker could prevent a password change from happening; but the
user running the kpasswd client would know that the password change had
not been successful, so all that is accomplished is a denial of service
attack.

							- Ted
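
A constructed Python model of the exchange Ted describes, added here as an illustration (it is not Kerberos code, and the sealing wrapper only imitates the properties of krb_mk_priv/krb_rd_priv, not their wire format): the client seals the request under the session key, the KDC applies its dictionary check and seals the reply, and a blocked request or an acknowledgement forged without the key is reported to the user as a failure rather than a success. The names kpasswd, kdc_handle, WEAK_WORDS and the three network stand-ins are assumptions of this example.

```python
import hmac, hashlib, secrets

WEAK_WORDS = {"password", "kerberos", "secret"}  # constructed stand-in dictionary

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a toy stand-in for the real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def mk_priv(key, plaintext):
    """Seal: fresh nonce, encrypt, then MAC nonce+ciphertext (models krb_mk_priv)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def rd_priv(key, msg):
    """Unseal; None if the tag fails, i.e. not sealed under this key (models krb_rd_priv)."""
    if len(msg) < 48:
        return None
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdc_handle(session_key, wire):
    """KDC side: unseal the request, run the dictionary check, seal the answer."""
    req = rd_priv(session_key, wire)
    if req is None:
        return None                       # unverifiable request: no acknowledgement
    pw = req.decode()
    weak = pw.lower() in WEAK_WORDS or len(pw) < 8
    return mk_priv(session_key, b"REJECT" if weak else b"OK")

def kpasswd(session_key, new_password, network):
    """Client side; `network` carries the request and returns the reply or None.
    Returns 'changed', 'rejected', 'no-ack' (request blocked) or 'bad-ack' (forged)."""
    reply = network(mk_priv(session_key, new_password.encode()))
    if reply is None:
        return "no-ack"                   # user learns the change did not happen
    ack = rd_priv(session_key, reply)
    if ack is None:
        return "bad-ack"                  # forged without the key: never taken as success
    return "changed" if ack == b"OK" else "rejected"

# Network behaviours: honest delivery, request dropped, and a fake "OK" sealed under a made-up key.
honest_network = lambda key: (lambda wire: kdc_handle(key, wire))
dropping_network = lambda key: (lambda wire: None)
forging_network = lambda key: (lambda wire: mk_priv(secrets.token_bytes(32), b"OK"))
```

Only the dropping case is left to the attacker, and the client reports it as "no-ack", which is exactly the denial of service Ted describes.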
