[1770] in Kerberos_V5_Development


Re: protocol flaw (160 lines) (was: krbdev vs krbcore)

daemon@ATHENA.MIT.EDU (Marc Horowitz)
Fri Sep 20 18:12:17 1996

To: "Donald T. Davis" <don@cam.ov.com>
Cc: krbcore@MIT.EDU
In-Reply-To: Your message of "Fri, 20 Sep 1996 14:39:31 EDT."
             <199609201839.OAA24070@gza-client1.cam.ov.com> 
Date: Fri, 20 Sep 1996 18:12:06 EDT
From: Marc Horowitz <marc@MIT.EDU>

There's another fix to this problem which is much closer to the right
thing.

login and xdm both know the set of valid login names for the host they
are running on.  If the login name which is typed doesn't match one of
these names, then the kerberos server should never be sent a request.

In a Hesiod or NIS environment, you have the problem that *that*
request goes in the clear, but environments which care can do
something like athena's nocreate, where the network password database
is not searched.

Or, you could create a new hesiod map which is keyed by a
cryptographic hash of the username.  If I type a bogus username, an
attacker can detect that, but they would have to reverse the hash to
get at my password.  NIS is, as usual, hopeless.

		Marc
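The two checks described above, as an added example that is not from Marc's message or from the Kerberos code base: a gate that refuses to contact the KDC unless the typed login name is one the host already knows, and a lookup map keyed by a cryptographic hash of the username. SHA-256 as the hash and the local account list are assumptions.

```python
import hashlib

# Constructed sample of the host's local account database (/etc/passwd-style names).
LOCAL_USERS = {"marc", "don", "daemon"}


def username_digest(name: str) -> str:
    """Key for the hashed map: hex SHA-256 of the login name (hash choice is an assumption).

    An unsalted hash of a short string resists reversal but not guessing, so this
    protects a mistyped password only as well as that password resists a dictionary.
    """
    return hashlib.sha256(name.encode("utf-8")).hexdigest()


def build_hashed_map(names):
    """Build a Hesiod-style map keyed by hash(username) so a query never carries the typed string."""
    return {username_digest(n): n for n in names}


def lookup_hashed(hmap, typed: str):
    """Return the real login name if the typed string matches a known user, else None."""
    return hmap.get(username_digest(typed))


def should_contact_kdc(typed: str, local_names, hmap=None) -> bool:
    """Gate in front of any request to the KDC.

    A string that matches no local account (for example a password typed into the
    username field by mistake) is dropped here and never leaves the host in the clear.
    """
    if typed in local_names:
        return True
    if hmap is not None and lookup_hashed(hmap, typed) is not None:
        return True
    return False


if __name__ == "__main__":
    network_map = build_hashed_map({"alice"})  # constructed network account, not local
    for typed in ("marc", "alice", "s3cr3t-typed-by-mistake"):
        print(typed, "->", "send to KDC" if should_contact_kdc(typed, LOCAL_USERS, network_map) else "refuse")
```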
