Cross-realm security issues

Fredrik Tolf fredrik at
Wed Sep 29 10:27:23 EDT 2004

There seems to be a lot of concern with cross-realm security issues, as
far as I can see. I'm not very experienced with the authorization side
of Kerberos, so I hope that I can get some clarification on this from
the kind people in this newsgroup.

See, I don't understand how this can be a security issue at all. I mean,
I realize of course that the security of a principal is no greater than
the security of its realm, but as far as I know principals from foreign
realms don't get authorized unless one explicitly adds them to one's
~/.k5login, isn't that so? If that truly is the case, how can cross-
realm authentication possibly be an issue in any way?

Personally, I think it would be nice if Kerberos could be set up to
automatically generate cross-realm paths between KDCs whenever a
principal from one realm wants to authenticate to a principal in another
realm, and from what I know of Kerberos authorization, I cannot see how
that could be wrong. Since this doesn't seem to be the general
consensus, I'm assuming that I'm wrong somewhere, but could someone be
so kind as to enlighten me in just what way I'm wrong?

Fredrik Tolf
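
The ~/.k5login check the post refers to, as an added example that is not part of the original message: a simplified Python model of the local-account authorization decision that MIT Kerberos login services make (the behaviour of `krb5_kuserok` with the default name-mapping rule). The realm names, account names and function names are constructed for illustration, and principal-name escaping and file-ownership checks are left out.

```python
def parse_principal(name):
    """Split 'comp1/comp2@REALM' into (components, realm). No escape handling."""
    if "@" not in name:
        raise ValueError("principal must carry an explicit realm: %r" % name)
    primary, _, realm = name.rpartition("@")
    return primary.split("/"), realm


def default_localname(principal, default_realm):
    """Default mapping rule: only a single-component principal in the host's
    default realm maps to a local account name; everything else maps to nothing."""
    comps, realm = parse_principal(principal)
    if realm == default_realm and len(comps) == 1:
        return comps[0]
    return None


def kuserok(principal, local_user, k5login_text, default_realm):
    """Model of the login authorization decision.

    k5login_text is the content of ~local_user/.k5login, or None if the
    file does not exist.
    """
    if k5login_text is None:
        # No .k5login: fall back to the name mapping, which never matches
        # a principal from a foreign realm under the default rule.
        return default_localname(principal, default_realm) == local_user
    # .k5login exists: it is the complete list. Even the account's own
    # default-realm principal must be listed explicitly.
    entries = {ln.strip() for ln in k5login_text.splitlines() if ln.strip()}
    return principal in entries


if __name__ == "__main__":
    REALM = "EXAMPLE.ORG"                      # constructed default realm
    K5LOGIN = "fredrik@OTHER.EXAMPLE\n"        # constructed file content
    cases = [
        ("fredrik@EXAMPLE.ORG", None),
        ("fredrik@OTHER.EXAMPLE", None),
        ("fredrik@OTHER.EXAMPLE", K5LOGIN),
        ("fredrik@EXAMPLE.ORG", K5LOGIN),
    ]
    for princ, k5 in cases:
        state = "absent" if k5 is None else "present"
        print(princ, ".k5login", state, "->", kuserok(princ, "fredrik", k5, REALM))
```

This models only the account-login check; a service that performs its own authorization on the authenticated principal name is outside what it shows.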

