Request for help: How do I get tickets to these workstations?

Booker Bense bbense at stanford.edu
Thu Jun 7 13:34:12 EDT 2012


On Jun 5, 2012, at 12:10 AM, Jan-Piet Mens wrote:

> Ross,
> 
> On Tue Jun 05 2012 at 08:54:11 CEST, Russ Allbery wrote:
> 
>> Our KDCs have always been open to the Internet.
> 
> Oh, I've always thought KDCs need to be particularly protected from the
> elements...


The weakness of a KDC is read access to the underlying data store outside of 
the Kerberos protocol. The protocol does not require any hardening or protection[1]. 

You want to limit physical access to a KDC and remote login access and in general
not run other services on the KDC. Root access on the KDC is having all the keys
to the kingdom. 

You also need better advice, because clearly whoever is making the decisions
about network configuration does not understand Kerberos. 

- Booker C. Bense 

[1]- This is not to say that the KDC server has never had a security issue, but it was designed
to be globally accessible and the protocol was designed to work in an environment where
everyone can read all the packets. The only significant risk is in coding errors in the daemon.
Most sites are willing to accept that risk in exchange for the utility of global access to the KDC. 
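
The advice in the message above (keep other services off the KDC and limit remote login) can be checked against the host's listening sockets. The following is an added example, not part of the original post: it classifies `ss -tulnH` output using the standard Kerberos ports (88, 464, 749, 754); the sample output and the bucket names are constructed for illustration.

```python
# Added example (not from the original post): audit listening sockets on a KDC host.
KDC_PORTS = {                    # standard Kerberos service ports
    ("udp", 88), ("tcp", 88),    # KDC (AS/TGS exchanges)
    ("udp", 464), ("tcp", 464),  # kpasswd
    ("tcp", 749),                # kadmind
    ("tcp", 754),                # kprop (database propagation to replicas)
}
REMOTE_LOGIN_PORTS = {22, 23, 513, 514}  # ssh, telnet, rlogin, rsh
# Constructed sample of `ss -tulnH` output (no header line).
SAMPLE_SS = """\
udp   UNCONN 0 0    0.0.0.0:88      0.0.0.0:*
tcp   LISTEN 0 5    0.0.0.0:88      0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:464     0.0.0.0:*
tcp   LISTEN 0 5    0.0.0.0:749     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128  [::]:22         [::]:*
tcp   LISTEN 0 100  127.0.0.1:25    0.0.0.0:*
tcp   LISTEN 0 511  *:80            *:*
tcp   LISTEN 0 64   0.0.0.0:2049    0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr.strip("[]"), int(port)

def audit(ss_output):
    """Sort listeners into expected / remote_login / local_only / unexpected."""
    report = {"expected": [], "remote_login": [], "local_only": [], "unexpected": []}
    for proto, addr, port in parse_listeners(ss_output):
        if (proto, port) in KDC_PORTS:
            bucket = "expected"
        elif addr.startswith("127.") or addr == "::1":
            bucket = "local_only"      # bound to loopback, not reachable remotely
        elif proto == "tcp" and port in REMOTE_LOGIN_PORTS:
            bucket = "remote_login"    # restrict who can reach it
        else:
            bucket = "unexpected"      # another service sharing the KDC host
        report[bucket].append((proto, addr, port))
    return report

if __name__ == "__main__":
    for bucket, socks in audit(SAMPLE_SS).items():
        print(bucket, socks)
```

On a real host, pass the captured output of `ss -tulnH` to `audit()` in place of the constructed sample.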

