[27862] in Kerberos


Re: Use ssh key to acquire TGT?

daemon@ATHENA.MIT.EDU (Daniel Kahn Gillmor)
Fri Jun 1 16:52:15 2007

From: Daniel Kahn Gillmor <dkg-mit.edu@fifthhorseman.net>
To: kerberos@mit.edu
Date: Fri, 01 Jun 2007 16:52:04 -0400
In-Reply-To: <46605848.5090008@secure-endpoints.com> (Jeffrey Altman's message
	of "Fri, 01 Jun 2007 12:32:56 -0500")
Message-ID: <876467pfd7.fsf@squeak.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri 2007-06-01 13:32:56 -0400, Jeffrey Altman wrote:

> I do want to state that as a KDC administrator I would have serious
> concerns with the use of SSH keys as a method of authenticating a
> user to my realm.  Users do not generate unique keys for hosts in
> separate authentication domains.  They tend to re-use the same key
> everywhere.  They also tend to copy the private keys all over the
> place.  As a result the risk of private key theft is high and there
> is no mechanism to know what systems have been compromised once the
> theft has occurred.

Furthermore, there is no clear mechanism to revoke an ssh key once it
is known to have been compromised.  For the specific case of using an
ssh key as an authentication method against a single realm, the
administrator of the realm in question can always force a re-keying of
the principal in question.

But as soon as you consider more than a single realm (or host, in the
classic ssh model), I don't know of a good, automated way to handle
ssh key revocation.

       --dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFGYIbtiXTlFKVLY2URAjuaAKC4hq+KYuhJ5zRwFKnTD2WVgHlRUwCgsX5G
X4/RkoCmz2Wplp9NgQEBXvQ=
=36TC
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
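The thread above argues that ssh private keys tend to be reused across hosts and authentication domains, and that nothing tells an administrator where a stolen key was trusted. An administrator can at least measure that exposure from the server side: collect each host's authorized_keys entries, fingerprint them the way ssh-keygen -l does (SHA256 over the decoded key blob, base64 without padding), and list keys trusted on more than one host or in more than one domain. The script below is an added example written for this page, not code from the original post or from MIT Kerberos; the host names, the Ed25519 key bytes and the authorized_keys lines are constructed sample data, and the domain split (everything after the first label of the host name) is an assumption you would replace with your own realm-to-host mapping.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def build_ed25519_blob(raw_key: bytes) -> str:
    """Wrap a raw 32-byte Ed25519 public key in OpenSSH wire format, base64-encoded.

    Used only to construct valid sample keys for this example (the key bytes are
    arbitrary, not real keys)."""
    assert len(raw_key) == 32
    key_type = b"ssh-ed25519"
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return base64.b64encode(blob).decode("ascii")


# Constructed sample data: three hosts in two domains. KEY_A is the "reused
# everywhere" key the thread warns about; KEY_B and KEY_C are host-specific.
KEY_A = build_ed25519_blob(bytes(range(0, 32)))
KEY_B = build_ed25519_blob(bytes(range(32, 64)))
KEY_C = build_ed25519_blob(bytes(range(64, 96)))

SAMPLE_AUTHORIZED_KEYS = {
    "shell.example.edu": [
        f"ssh-ed25519 {KEY_A} alice@laptop",
        f"ssh-ed25519 {KEY_B} bob@desk",
    ],
    "build.example.edu": [
        "# deploy account",
        f'no-pty,command="/usr/bin/git-shell" ssh-ed25519 {KEY_A} alice@laptop',
    ],
    "git.partner.example.com": [
        f"ssh-ed25519 {KEY_A} alice@laptop",
        f"ssh-ed25519 {KEY_C} carol@partner",
    ],
}

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the same form ssh-keygen -l prints (no base64 padding)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_authorized_keys(lines):
    """Yield (fingerprint, comment) for each key line.

    Skips blank lines and comments and tolerates an options field before the key
    type. Options whose quoted values contain whitespace are not handled here."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        for i, tok in enumerate(fields):
            if tok.startswith(KEY_TYPE_PREFIXES) and i + 1 < len(fields):
                yield fingerprint(fields[i + 1]), " ".join(fields[i + 2:])
                break


def keys_by_host(hosts):
    """Map fingerprint -> sorted list of hosts that trust it."""
    seen = defaultdict(set)
    for host, lines in hosts.items():
        for fp, _comment in parse_authorized_keys(lines):
            seen[fp].add(host)
    return {fp: sorted(h) for fp, h in seen.items()}


def find_shared_keys(hosts):
    """Keys trusted on more than one host (the reuse the thread describes)."""
    return {fp: h for fp, h in keys_by_host(hosts).items() if len(h) > 1}


def host_domain(hostname: str) -> str:
    # Assumption for this example: the domain is everything after the first label.
    return hostname.split(".", 1)[1] if "." in hostname else hostname


def cross_domain_keys(hosts):
    """Keys trusted in more than one domain: the case where no single realm
    administrator can revoke the key by re-keying one principal."""
    result = {}
    for fp, h in keys_by_host(hosts).items():
        domains = {host_domain(x) for x in h}
        if len(domains) > 1:
            result[fp] = sorted(domains)
    return result


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_AUTHORIZED_KEYS).items():
        print(f"{fp} trusted on {len(hosts)} hosts: {', '.join(hosts)}")
    for fp, domains in cross_domain_keys(SAMPLE_AUTHORIZED_KEYS).items():
        print(f"{fp} spans domains: {', '.join(domains)}")
```

In a real deployment the inputs would come from each host's ~/.ssh/authorized_keys files (or an AuthorizedKeysCommand backend) rather than the embedded dictionary; the cross-domain report is the list to act on first, because those are exactly the keys a single realm's re-keying cannot retire.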
