Help: Why SSL must be enabled when using mod_auth_kerb in httpd?

Russ Allbery rra at stanford.edu
Tue Mar 8 13:31:19 EST 2011


Frank Cusack <frank+krb at linetwo.net> writes:
> On 3/5/11 5:17 PM +0800 Lee Eric wrote:

>> I'm just thinking why SSL must be enabled when using mod_auth_kerb in
>> httpd. Because password will be transferred in encryption by Kerberos.
>> So is SSL used to protect the tickets or anything else?

> You should never send authentication credentials to an unknown entity.
> If you don't use SSL, you don't know where you are sending those creds.
> In this case, it would allow me to impersonate you.

Normally, in GSSAPI, you would do mutual auth before you did credential
delegation.  The problem with Negotiate-Auth in HTTP is that you can't do
mutual authentication without breaking the protocol, so it just skips that
part.  That means that the client authenticates to the server, but the
server doesn't authenticate to the client.  So you really want TLS to do
the other half of the authentication (and you really want channel bindings
too, but you're probably not going to get that).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
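As an added illustration of the configuration side of this (not from Russ's post or the mod_auth_kerb project), an Apache httpd vhost that applies the advice above: the Kerberos-protected location is only reachable over TLS, so the browser authenticates the server via the certificate before it hands over a service ticket, and the password fallback is switched off so the user's Kerberos password is never put on the wire at all. Hostname, realm, keytab and certificate paths are placeholders.

```apacheconf
# Added example (not from the original post): httpd vhost using mod_auth_kerb with
# TLS required. Hostname, realm, keytab and certificate paths are placeholders.

# Plain HTTP: never issue the Negotiate challenge here; send clients to TLS first.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    <Location /secure>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate On
        # No Basic-auth fallback: with it on, a client that cannot do Negotiate
        # sends the user's Kerberos password itself in the Authorization header.
        KrbMethodK5Passwd Off
        KrbAuthRealms EXAMPLE.COM
        KrbServiceName HTTP/www.example.com
        Krb5KeyTab /etc/httpd/conf/http.keytab
        # Refuse the request outright if it somehow arrives without TLS.
        SSLRequireSSL
        Require valid-user
    </Location>
</VirtualHost>
```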