What happens if my KDC is compromised?
John Hascall
john at iastate.edu
Fri Sep 17 08:16:06 EDT 2010
> What would be the implications if my KDC was compromised and an attacker
> got a hold of the KDB or in my case the LDAP directory storing principal
> information?
The implication is you are now well and truly f***ed.
Were I wearing a black hat, the first thing I'd do
is install a modified kadmind<1> and steal the actual
passwords it sees.
Or if I was impatient, with 'kinit -C' I'd just forge
me some tickets.
If all they got was the KDB, then they would still have
the luxury of off-line cracking.
John
<1> As an aside, in fact, many years ago I did almost this very thing.
When we were discussing increasing our minimum password strength
standards from 5-chars/2-sets I used a modified kadmind to dump, not
actual passwords, but just statistical info. As expected, most people
did the minimum: well over half the passwords were 4 lowercase letters
followed by a digit). It was a pretty trivial exercise.
More information about the Kerberos
mailing list