[1774] in Kerberos_V5_Development
Re: protocol flaw (160 lines) (was: krbdev vs krbcore)
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Sat Sep 21 16:47:08 1996
Date: Sat, 21 Sep 1996 16:46:56 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: marc@MIT.EDU
Cc: don@cam.ov.com, krbcore@MIT.EDU
In-Reply-To: <199609202257.SAA14816@beeblebrox.MIT.EDU> (message from Marc
Horowitz on Fri, 20 Sep 1996 18:57:31 EDT)
> In fact, [hashing the key in with the client name] makes life
> harder. You'd need an index in the database
> for each enctype the principal had. If you want to give decent
> diagnostics, it's worse, since there's no way to distinguish
> "principal doesn't have that enctype" from "principal doesn't exist".
In fact, there is no way to distinguish between "principal does not
exist" and "password incorrect." Of course, some people would
consider that a feature. :-)
Note that a KDC that wanted to support this PA type would have to be
able to index the database by both principal names and hashed
principal names, unless it was willing not to support clients that did
not use the PA type (in which case you might as well just change the
protocol instead of using a PA type).
Barry
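A toy model of the two lookup schemes discussed in this message, added here as an illustration; it is not code from the thread or from the MIT Kerberos code base. The principal names, enctype labels and keys are constructed placeholders, and the hash construction is an assumption about how "hashing the key in with the client name" would index the database.

```python
import hashlib
from typing import Dict, Optional

# Constructed toy KDC database: principal name -> {enctype: password-derived key}.
# Names, enctype tags and key bytes are placeholders, not real Kerberos data.
DB: Dict[str, Dict[str, bytes]] = {
    "alice@EXAMPLE.ORG": {"des-cbc-crc": b"\x01" * 8, "des3-cbc-sha1": b"\x02" * 24},
    "bob@EXAMPLE.ORG": {"des-cbc-crc": b"\x03" * 8},
}

def hashed_name(principal: str, enctype: str, key: bytes) -> str:
    """Assumed index value for the hypothetical PA type: the key is hashed in
    with the client name and the enctype, so the index depends on all three."""
    data = enctype.encode() + b"\0" + principal.encode() + b"\0" + key
    return hashlib.sha256(data).hexdigest()

def build_hashed_index(db: Dict[str, Dict[str, bytes]]) -> Dict[str, tuple]:
    """One index entry per (principal, enctype): the per-enctype index Marc describes."""
    return {hashed_name(p, e, k): (p, e) for p, keys in db.items() for e, k in keys.items()}

def lookup_by_name(db: Dict[str, Dict[str, bytes]], principal: str, enctype: str) -> str:
    """Classic KDC lookup by principal name: distinct diagnostics are possible."""
    keys = db.get(principal)
    if keys is None:
        return "principal does not exist"
    if enctype not in keys:
        return "principal does not have that enctype"
    return "ok"

def lookup_by_hash(index: Dict[str, tuple], principal: str, enctype: str, key: bytes) -> str:
    """PA-type lookup: the KDC only learns whether the hash matches some entry, so
    unknown principal, missing enctype and wrong key all produce the same answer."""
    return "ok" if hashed_name(principal, enctype, key) in index else "no match"

def kdc_lookup(db: Dict[str, Dict[str, bytes]], index: Dict[str, tuple],
               principal: str, enctype: str, key: Optional[bytes] = None) -> str:
    """A KDC serving both legacy and PA-type clients keeps both indexes and uses
    the hashed one only when the client supplied the PA data (the key)."""
    if key is None:
        return lookup_by_name(db, principal, enctype)
    return lookup_by_hash(index, principal, enctype, key)
```

With the name index the KDC can report the three conditions separately; with the hashed index they collapse into a single "no match", which is the diagnostic loss the message describes.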