Preventing an attacker to steal credential and to compromise a whole kerberized network?

Simo Sorce simo at redhat.com
Tue Oct 11 13:35:31 EDT 2011


On Tue, 2011-10-11 at 08:55 -0700, Mike Spinzer wrote:
> Hello,
> 
> I set up the MIT Kerberos in my network (mainly composed of Ubuntu
> servers), and it's working fine. My concern is now to prevent that if
> an attacker manages to be root on one server, he could afterwards
> compromise other servers. Some of the users need to have root access
> on several servers; by now, they connect to servers through SSH with a
> forwardable ticket, that they can use either to bounce on another
> server or to become root with ksu without entering any password (so
> that they never enter their password on a server that could have been
> compromised).
> However, the problem is that if an attacker is root on one server, he
> can easily steal other users' credentials (stored by now in files
> in /tmp) and connect and become root on other servers.
> 
> Does Kerberos include any solution to mitigate this risk?

I don't know if Ubuntu includes support, but you can try using the
kernel keyring to store credentials. That should make it more difficult
for an attacker to get access to keys, although not impossible I guess.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
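
An added example, not part of the original thread: a shell check that reports whether a host would keep tickets in a file cache (the /tmp case raised in the question) or in the kernel keyring suggested in the reply. It assumes MIT krb5's `KRB5CCNAME` naming and the `default_ccache_name` setting in `[libdefaults]` (available in MIT krb5 1.11 and later); the function names and the sample krb5.conf are constructed.

```shell
#!/bin/sh
# Added example: report which Kerberos credential cache type a host would use.
# Function names and the sample krb5.conf at the bottom are constructed.

# ccache_kind NAME -> "file", "keyring" or "other:<TYPE>".
# MIT krb5 treats a name without a TYPE: prefix as a FILE cache.
ccache_kind() {
    case "$1" in
        FILE:*|/*) echo "file" ;;
        KEYRING:*) echo "keyring" ;;
        *:*)       echo "other:${1%%:*}" ;;
        *)         echo "file" ;;
    esac
}

# conf_ccache_name CONF -> default_ccache_name from [libdefaults], or the
# built-in default (a file in /tmp) when the setting is absent.
conf_ccache_name() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print (val != "" ? val : "FILE:/tmp/krb5cc_%{uid}") }
    ' "$1"
}

# effective_ccache CONF -> KRB5CCNAME overrides krb5.conf when it is set.
effective_ccache() {
    if [ -n "${KRB5CCNAME:-}" ]; then echo "$KRB5CCNAME"
    else conf_ccache_name "$1"; fi
}

# audit CONF -> prints "<kind> <name>"; returns 1 for a file-backed cache,
# the case the question above is concerned about.
audit() {
    name=$(effective_ccache "$1")
    kind=$(ccache_kind "$name")
    echo "$kind $name"
    [ "$kind" != "file" ]
}

# Constructed sample: a krb5.conf that selects the kernel keyring.
sample=$(mktemp)
printf '[libdefaults]\n  default_ccache_name = KEYRING:persistent:%%{uid}\n' > "$sample"
audit "$sample" || echo "tickets are stored in a file cache"
rm -f "$sample"
```

On a real host, point `audit` at `/etc/krb5.conf` from inside a login session so that a `KRB5CCNAME` set for that session is taken into account.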



