Security issue with pam-krb5 ?
Brian Davidson
bdavids1 at gmu.edu
Fri Aug 29 13:40:25 EDT 2003
On Thursday, August 28, 2003, at 03:54 PM, Sam Hartman wrote:
>
> Brian> libpam-krb5 attempts to obtain a TGT from your KDC.
> Brian> Successfully obtaining a TGT means you are authenticated.
>
>
> Actually, no, you need to verify this TGT against some known service
> principal like the local host key.
>
> Successfully obtaining a TGT only implies authentication if the user
> and a spoofed KDC aren't cooperating.
Interesting. I've used libpam-krb5 on a system which did not have a
local host key, and it still worked for authentication. Granted, it's
not mutual-authentication, but if the KDC which responded is the real
KDC, obtaining a TGT should be sufficient.
Now that you mention it, I do see the potential danger of a spoofed
KDC... host keys still aren't _required_ by libpam-krb5, as far as I
know. Am I missing something?
Brian
More information about the Kerberos
mailing list