[2602] in Kerberos
Re: Re: Kerberos 5 & login
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Feb 25 17:12:39 1993
Date: Thu, 25 Feb 93 16:53:31 -0500
From: Theodore Ts'o <tytso@Athena.MIT.EDU>
To: dean@ksr.com
Cc: bf4grjc@bell-atl.com, kerberos@Athena.MIT.EDU
In-Reply-To: Dean Anderson's message of Thu, 25 Feb 93 12:22:33 EST,

   From: dean@ksr.com (Dean Anderson)
   Date: Thu, 25 Feb 93 12:22:33 EST

   The login program should request a ticket for the user which comes back in
   the normal way encrypted in the user's private key. The login program
   sets up the initial key file (shared memory), and requests a ticket
   for the authorization server.

   (The implementation of the authorization server just sends back a yes
   if the ticket presented to it (and the session key used to encrypt the
   session) are valid. The login/xdm program accepts this and permits
   access.)

You don't need to have a fancy authorization server to do this. Assume
for the moment that you have a srvtab with a rcmd key. Well, then all
the login program needs to do is to request rcmd tickets from the KDC
using the user's ticket granting ticket. It then verifies those
tickets using the rcmd key in the machine's srvtab. There's no need to
go out to an authorization server to do this.

Ah, you say, but suppose you don't have a srvtab on that workstation?
The above solution wouldn't work; would an authorization server do the
right thing? No, you're still S.O.L. because you don't have a secure
key to authenticate to the authorization server. The attacker who could
fake you out by sending to your host fake TGT's encrypted in a password
of the attacker's choice, could (if you used the fake TGT to
authenticate to the authorization server) fake out that connection, and
mislead the login program into thinking that the TGT was good.

In general, in order to solve this problem, you *must* have a secure key
on the workstation which acts as the workstation's identity while you
verify the user's TGT. If you don't have a secure key, the only way you
can solve this problem is if you use public key technology (and now you
would have to get a license to use RSA for every single workstation on
your network).

- Ted
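
The check described in the message above, as an added example that is not part of the original post: a toy Python model in which login uses the TGT to request an rcmd ticket and accepts the user only if that ticket opens under the srvtab key. The SHAKE/HMAC sealing is a stand-in for Kerberos encryption, tickets are reduced to a client and service name, and `KDC`, `login`, `SRVTAB` and the sample passwords are constructed for illustration.

```python
import hashlib, hmac, json, os

def s2k(password):
    # Toy string-to-key, a stand-in for the Kerberos password-to-key function.
    return hashlib.sha256(password.encode()).digest()

def seal(key, obj):
    # Toy authenticated encryption (SHAKE keystream + HMAC), not a Kerberos enctype.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class KDC:
    # Whoever answers on the network; a spoofed one is built with its own keys.
    def __init__(self, passwords, rcmd_key):
        self.passwords, self.rcmd_key, self.tgs_key = passwords, rcmd_key, os.urandom(32)
    def as_req(self, user):
        # Reply is sealed under the user's password key and carries the TGT.
        tgt = seal(self.tgs_key, {"client": user}).hex()
        return seal(s2k(self.passwords[user]), {"tgt": tgt})
    def tgs_req(self, tgt, service):
        # Service ticket is sealed under the rcmd key this KDC holds for the host.
        client = unseal(self.tgs_key, bytes.fromhex(tgt))["client"]
        return seal(self.rcmd_key, {"client": client, "service": service})

def login(kdc, user, password, srvtab_key=None):
    try:
        reply = unseal(s2k(password), kdc.as_req(user))
    except ValueError:
        return False                    # password does not decrypt the reply
    if srvtab_key is None:
        return True                     # no srvtab: the TGT is accepted unverified
    try:                                # request an rcmd ticket and open it locally
        ticket = unseal(srvtab_key, kdc.tgs_req(reply["tgt"], "rcmd"))
    except ValueError:
        return False                    # ticket was not made with the srvtab key
    return ticket == {"client": user, "service": "rcmd"}

SRVTAB = os.urandom(32)                                    # constructed host rcmd key
real_kdc = KDC({"alice": "correct horse"}, SRVTAB)         # constructed sample data
fake_kdc = KDC({"alice": "attacker pw"}, os.urandom(32))   # spoofed KDC lacks SRVTAB
```

Calling `login(fake_kdc, "alice", "attacker pw")` with no srvtab key accepts the spoofed reply, while passing `SRVTAB` rejects it because the spoofed KDC cannot produce a ticket sealed under the host's key.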