GSS Server without secret key?
Dennis Davis
D.H.Davis at bath.ac.uk
Fri Nov 7 04:47:45 EST 2003
>Subject: GSS Server without secret key?
>From: Oliver Schoett <os at sdm.de>
>Date: Thu, 06 Nov 2003 12:17:03 +0100
>Organization: "sd&m AG, Muenchen, Germany"
>To: kerberos at mit.edu
>
>I have been playing with the Sun GSS/Kerberos sample code in
>
>http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
>
>and noticed that the client in this scenario needs only a Kerberos
>ticket (for example, obtained from an initial Windows logon), whereas
>the server needs a secret key. This creates a key management problem
>for our servers, which I would like to avoid.
>
>Why is it that the server needs a key, when in principle, a ticket
>should be enough to prove one's identity? Is there a way to avoid the
>key management problem for servers?
The server needs a key that's used as part of the authentication
procedure. If this isn't done, you're susceptible to a
man-in-the-middle attack, also known as the "Zanarotti Attack".
See:
http://www.stacken.kth.se/lists/heimdal-discuss/2000-10/msg00011.html
for further details.
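The point made in the reply above, as an added toy model that is not part of the thread or of the Sun JGSS tutorial it quotes: a Kerberos service ticket is bound to the service's long-term key by the KDC, so a server holding that key can tell a ticket minted by the real KDC from one minted by an impostor, while a server without a key can only read what the ticket claims. Real Kerberos encrypts the ticket under the service key; here an HMAC keyed with that key stands in for the encryption, and every key, principal name and timestamp is constructed for the example.

```python
"""Toy model of why a Kerberos/GSS acceptor needs its own secret key.

Added illustration, not the protocol's real wire format. Real Kerberos
encrypts the service ticket under the service's long-term key; an HMAC
keyed with that key stands in for the encryption here. All keys and
principal names below are constructed for the example.
"""
import hashlib
import hmac
import json
import time

# Constructed long-term key table. In a real realm the KDC holds every
# service key and each service holds its own copy in a keytab.
REAL_KDC_SERVICE_KEYS = {
    "host/app.example.com": b"service-key-shared-by-kdc-and-server",
}

TICKET_LIFETIME = 8 * 3600  # seconds; constructed value


def issue_service_ticket(kdc_keys, client, service, now=None):
    """KDC side: bind the client name and lifetime to the service's key."""
    now = int(time.time()) if now is None else now
    body = {
        "client": client,
        "service": service,
        "starttime": now,
        "endtime": now + TICKET_LIFETIME,
    }
    encoded = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(kdc_keys[service], encoded, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_with_key(ticket, service_key, now=None):
    """Service side holding its key: recompute the binding, check lifetime.

    Returns the authenticated client principal, or None on failure.
    """
    now = int(time.time()) if now is None else now
    encoded = json.dumps(ticket["body"], sort_keys=True).encode()
    expected = hmac.new(service_key, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return None  # not minted under the key the real KDC shares with us
    body = ticket["body"]
    if not body["starttime"] <= now < body["endtime"]:
        return None  # outside the ticket's validity window
    return body["client"]


def accept_without_key(ticket):
    """Service side with no key: it can only trust the ticket's claimed contents."""
    return ticket["body"]["client"]


def demo():
    """Compare a keyed and an unkeyed acceptor on genuine and impostor tickets."""
    service = "host/app.example.com"
    key = REAL_KDC_SERVICE_KEYS[service]
    genuine = issue_service_ticket(REAL_KDC_SERVICE_KEYS, "alice@EXAMPLE.COM", service, now=1000)
    # A ticket from a KDC that does not know the real service key: the
    # man-in-the-middle position the reply warns about (constructed key).
    impostor_keys = {service: b"key-the-real-service-never-shared"}
    impostor = issue_service_ticket(impostor_keys, "alice@EXAMPLE.COM", service, now=1000)
    return {
        "keyed_genuine": verify_with_key(genuine, key, now=1500),
        "keyed_impostor": verify_with_key(impostor, key, now=1500),
        "keyed_expired": verify_with_key(genuine, key, now=1000 + TICKET_LIFETIME + 1),
        "unkeyed_genuine": accept_without_key(genuine),
        "unkeyed_impostor": accept_without_key(impostor),
    }


if __name__ == "__main__":
    for case, who in demo().items():
        print(f"{case:16s} -> {who}")
```

The keyed acceptor admits only the genuine, unexpired ticket; the unkeyed one admits both, which is the key-management cost the question asks to avoid and the reason it cannot be avoided: the server's key is the only thing that ties a presented ticket to the real KDC.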