Security issue with pam-krb5 ?
Brian Davidson
bdavids1 at gmu.edu
Wed Aug 27 15:37:24 EDT 2003
On Wednesday, August 27, 2003, at 02:16 PM, Matthijs Mohlmann wrote:
>
> Am I right when I say libpam-krb5 sends the password cleartext over the
> network?
In a nutshell, yes. The username & password are still sent across the
network to the daemon as if you weren't using libpam-krb5. Instead of
checking the passwd file, libpam-krb5 attempts to obtain a TGT from
your KDC. Successfully obtaining a TGT means you are authenticated.
If you use libpam-krb5 for telnet, then your username and password go
across in plaintext. Same for ftp. If you use ssh, then they are
encrypted. Anything running over SSL should allow you to *relatively*
securely use libpam-krb5 for authentication.
The downside is that a modified libpam-krb5 on a system could steal
passwords & stash them in a file. "Pure" kerberos won't allow that to
happen, since hosts never receive the user's password.
Security being a delicate balancing act between convenience & security,
this is one of those things you'll have to make a call on. Personally,
I'm fine with the slightly reduced security I get by using libpam-krb5
with ssh. I wouldn't dream of using it for telnet or ftp though. In
other environments, ssh might even be unacceptable.
Brian Davidson
George Mason University
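An added example, not part of this thread, that checks the point Brian makes: it scans pam.d-style configuration to flag services that load pam_krb5.so over a cleartext protocol (telnet, ftp) versus ssh. The sample configurations and the service classification lists are constructed assumptions, not taken from any real host.

```python
import re
from typing import Dict

# Constructed sample /etc/pam.d fragments (service name -> file contents).
SAMPLE_PAM_D: Dict[str, str] = {
    "sshd":   "auth  sufficient  pam_krb5.so use_first_pass\nauth  required  pam_unix.so\n",
    "telnet": "auth  required    pam_krb5.so\n",
    "ftp":    "#auth required    pam_krb5.so\nauth  required  pam_unix.so\n",
    "login":  "auth  sufficient  /lib/security/pam_krb5.so\n",
}

# Assumed lists: protocols whose login exchange crosses the network in the
# clear, so a password collected by pam_krb5 travels in plaintext.
PLAINTEXT_SERVICES = {"telnet", "ftp", "rlogin", "rsh", "pop", "imap"}
ENCRYPTED_SERVICES = {"sshd"}

# One pam.d line: optional "-" prefix, type, control, module path, args.
PAM_LINE = re.compile(r"^\s*-?(auth|account|password|session)\s+\S+\s+(\S+)")


def uses_pam_krb5(contents: str) -> bool:
    """True if any non-comment line of a pam.d file loads pam_krb5.so."""
    for line in contents.splitlines():
        m = PAM_LINE.match(line)
        if m and m.group(2).endswith("pam_krb5.so"):
            return True
    return False


def audit(pam_d: Dict[str, str]) -> Dict[str, str]:
    """Classify each service by how a pam_krb5-collected password reaches it:
    'plaintext' (cleartext protocol), 'encrypted' (ssh), 'local' (console or
    unknown transport), or 'none' when pam_krb5 is not loaded at all."""
    result: Dict[str, str] = {}
    for service, contents in pam_d.items():
        if not uses_pam_krb5(contents):
            result[service] = "none"
        elif service in PLAINTEXT_SERVICES:
            result[service] = "plaintext"
        elif service in ENCRYPTED_SERVICES:
            result[service] = "encrypted"
        else:
            result[service] = "local"
    return result


if __name__ == "__main__":
    for svc, verdict in sorted(audit(SAMPLE_PAM_D).items()):
        print(f"{svc:8s} {verdict}")
```

To run it against a real host, build the dictionary from the files in /etc/pam.d and extend the service lists to match the daemons actually deployed there.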