Is "SPN advertisement" or well-known SPNs a security hole?

Jeffrey Altman jaltman at secure-endpoints.com
Mon Jan 14 17:58:11 EST 2008


Srinivas Kakde wrote:
>
> This message says: From a security standpoint, allowing the server to specify its
> service principal is a "bad idea".
>
> Why is it a bad idea?
It is a bad idea because it permits an untrusted party, the server you 
want to communicate with, to decide who it is that the client is trying 
to authenticate to.  It would be like walking down the street looking 
for an undercover police officer and instead finding a drug dealer.  You 
decide to authenticate the undercover officer by calling the police 
precinct but instead of using a phone number for the precinct that you 
obtained from the Verizon phone book you ask the drug dealer for the 
phone number of the precinct.  When you call the provided number, his 
accomplice answers and confirms that he is in fact a police officer.

The security of the authentication is based upon the name.  By asking 
you to authenticate to a name selected by the attacker, you can be 
tricked into using a KDC that is in fact under the control of the 
attacker. 

Jeffrey Altman
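The point above, as an added illustration that is not part of the original thread: the client derives the service principal it expects from what it intended to contact and only accepts a peer-advertised name that matches it exactly. Hostnames, realm names and the helper function names below are constructed for the example.

```python
# Added example (not from the original post): refuse to let the peer pick the
# service principal the client authenticates to. Principal strings use the
# Kerberos "service/host@REALM" shape; every sample value is constructed.

def parse_principal(name: str):
    """Split 'service/host@REALM' into (service, host, realm).

    Raises ValueError on anything that is not a three-part service principal.
    The host is case-folded and stripped of a trailing dot because DNS names are
    case-insensitive; service and realm are compared exactly as given.
    """
    if name.count("@") != 1:
        raise ValueError("principal must contain exactly one '@'")
    primary, realm = name.split("@")
    if "/" not in primary:
        raise ValueError("service principal must be 'service/host'")
    service, host = primary.split("/", 1)
    if not (service and host and realm):
        raise ValueError("empty component in principal")
    return service, host.lower().rstrip("."), realm


def expected_principal(service: str, intended_host: str, trusted_realm: str) -> str:
    """The SPN the *client* builds from its own intent and trusted configuration,
    before the peer has said anything."""
    return f"{service}/{intended_host.lower().rstrip('.')}@{trusted_realm}"


def accept_offered_principal(offered: str, service: str,
                             intended_host: str, trusted_realm: str) -> bool:
    """True only if the peer's advertised SPN is the one the client already expected.

    A different realm would steer the client toward a KDC it never chose to trust;
    a different host or service means it would be authenticating someone else.
    """
    try:
        got = parse_principal(offered)
        want = parse_principal(expected_principal(service, intended_host, trusted_realm))
    except ValueError:
        return False  # malformed names are rejected rather than guessed at
    return got == want


if __name__ == "__main__":
    target = ("host", "mail.example.com", "EXAMPLE.COM")
    print(accept_offered_principal("host/mail.example.com@EXAMPLE.COM", *target))   # True
    print(accept_offered_principal("host/mail.example.com@ATTACKER.TEST", *target))  # False
```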
