What happens if my KDC is compromised?

John Hascall john at iastate.edu
Fri Sep 17 08:16:06 EDT 2010



> What would be the implications if my KDC was compromised and an attacker 
> got a hold of the KDB or in my case the LDAP directory storing principal 
> information?

The implication is you are now well and truly f***ed.

Were I wearing a black hat, the first thing I'd do
is install a modified kadmind<1> and steal the actual
passwords it sees.

Or if I was impatient, with 'kinit -C' I'd just forge
me some tickets.

If all they got was the KDB, then they would still have
the luxury of off-line cracking.


John

<1> As an aside, in fact, many years ago I did almost this very thing.
When we were discussing increasing our minimum password strength
standards from 5-chars/2-sets I used a modified kadmind to dump, not
actual passwords, but just statistical info.  As expected, most people
did the minimum: well over half the passwords were 4 lowercase letters
followed by a digit).  It was a pretty trivial exercise.



More information about the Kerberos mailing list