GSS_C_NO_NAME for desired_name?
simon at sxw.org.uk
Sat Jan 1 14:15:19 EST 2011
On 1 Jan 2011, at 16:48, Brian Candler wrote:
> That is: if someone broken into httpd, and it was using a shared
> which also contained the sshd key, then they'd be able to go fetch
> abuse) the sshd key.
You're not necessarily only concerned with local attackers here.
Encryption key strength can also come into play. For example, say you
have deployed Kerberised NFS, and yet many of your clients can only
use single DES encryption types. But, as corporate policy, you have
moved to AES based encryption types for login services. If you have
both keys in the same keytab (and both NFS and ssh are very keen on /
etc/krb5.keytab), and your sshd accepts any principal in that keytab,
then an attacker only has to break the NFS DES key to compromise your
The point here is that it's hard to give hard and fast answers to some
of these questions. What's fine for one site's security policy may be
radically different for a different site - it all depends on your
analysis of your local risks.
More information about the Kerberos