Cross-realm security issues
Fredrik Tolf
fredrik at dolda2000.com
Wed Sep 29 19:30:07 EDT 2004
On Wed, 2004-09-29 at 21:59 +0000, Sam Hartman wrote:
> >>>>> "Fredrik" == Fredrik Tolf <fredrik at dolda2000.com> writes:
>
> Fredrik> See, I don't understand how this can be a security issue
> Fredrik> at all. I mean, I realize of course that the security of
> Fredrik> a principal is no greater than the security of its realm,
> Fredrik> but as far as I know principals from foreign realms don't
> Fredrik> get authorized unless one explicitly adds them to one's
> Fredrik> ~/.k5login, isn't that so? If that truly is the case, how
> Fredrik> can cross-realm authentication possibly be an issue in
> Fredrik> any way?
>
> I tend to agree with your understanding. It could be a problem if you
> don't trust your users to make reasonable authorization decisions.

If that is the case, I would rather see that there would be a global
directive in /etc/krb5.conf that would disallow _authorization_ from
foreign realms, regardless of individual users' authorization settings.
I don't think that the authentication should be invalid just because one
doesn't trust one's users with authorization.

> I think most of the concern about cross-realm security is unfounded.

I'm glad to hear that. In my opinion, it would be very nice if Kerberos
could, in conjunction with DNS (maybe DNSSEC?), form a global
authentication system, in the same spirit in which DNS forms a global
information database.

Fredrik Tolf
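
The split between authentication and authorization discussed in this message, as an added example that is not part of the original post and is not Kerberos library code. It is a simplified model of the per-account check: with no ~/.k5login only the same-named principal in the local realm maps to the account, and with one only listed principals do. The realm names are constructed, and `deny_foreign_realms` is a hypothetical switch modelling the directive proposed above, not an existing krb5.conf option.

```python
# Simplified model of the local-account authorization step that follows a
# successful Kerberos authentication. Illustration only, not library code.

def split_principal(name, default_realm):
    """Split 'user@REALM' into (user, REALM); a bare name gets the default realm."""
    name = name.strip()
    if "@" in name:
        user, realm = name.rsplit("@", 1)
        return user, realm
    return name, default_realm


def authorize(principal, local_user, default_realm, k5login=None,
              deny_foreign_realms=False):
    """Return True if the already-authenticated principal may act as local_user.

    k5login: text of the account's ~/.k5login, or None if the file is absent.
    deny_foreign_realms: HYPOTHETICAL site-wide policy switch (assumption made
    for this example); it overrides whatever the user listed.
    """
    user, realm = split_principal(principal, default_realm)

    # Site policy first: the ticket is still valid, but a foreign-realm
    # principal is never authorized for a local account.
    if deny_foreign_realms and realm != default_realm:
        return False

    if k5login is None:
        # No file: only the same-named principal in the local realm maps
        # to the account, so foreign principals are denied by default.
        return realm == default_realm and user == local_user

    # File present: the principal must be listed explicitly.
    listed = {split_principal(line, default_realm)
              for line in k5login.splitlines() if line.strip()}
    return (user, realm) in listed


# Constructed sample data: local realm EXAMPLE.ORG, foreign realm PARTNER.EXAMPLE.
SAMPLE_K5LOGIN = "alice@EXAMPLE.ORG\nbob@PARTNER.EXAMPLE\n"
```
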