kdc ldap referral handling strangeness

Kevan Carstensen kacarstensen at csupomona.edu
Mon Mar 19 14:04:08 EDT 2012


Excerpts from Greg Hudson's message of 2012-03-18 19:22:27 -0700:
> Can you explain how a "malicious referral" could come about?  If the
> communication channel between slapd and the KDC isn't secure, there are
> lots of other attacks.

An attacker could change slapd.conf on a compromised read-only slapd so
that updates are directed to a different attacker-controlled server. Of
course, if an attacker compromises the slapd that contains the kerberos
directory, malicious referrals are probably among the least of our
concerns. An attacker with write access to some portion of the DIT on
the KDC could insert a referral object into the DIT that sends clients
with updates to an attacker-controlled server, and could gain that sort
of access without necessarily rooting the KDC server, compromising the
entire database, or compromising the communication channel between the
slapd and the KDC (e.g., if an administrator makes a mistake in a slapd
acl).

> Would it then go back to the original connection for subsequent
> operations?  (I assume so; otherwise, you may as well just point the
> slave KDCs at the master LDAP server, as they'd wind up there soon enough.)

Yes, that's right.

-- 
Kevan Carstensen                        <kacarstensen at csupomona.edu>
Operating Systems Analyst, I&IT Systems, Cal Poly Pomona
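
A defender-side check for the scenario described in the message above, as an added example that is not part of the original post: it scans an LDIF export of the Kerberos subtree for referral objects whose ref target falls outside an allow-list. The DNs, host names, allow-list and function names are constructed assumptions.

```python
import base64
from urllib.parse import urlsplit

# Assumption: the only host referrals may legitimately target (constructed name).
ALLOWED_HOSTS = {"ldap-master.example.edu"}
_ENC = base64.b64encode(b"ldaps://ldap.attacker.example/ou=tmp").decode()

# Constructed sample export of the Kerberos subtree (ManageDsaIT search, so
# referral objects are returned instead of chased). Third entry is unexpected.
SAMPLE_LDIF = f"""\
dn: cn=EXAMPLE.EDU,cn=krbContainer,dc=example,dc=edu
objectClass: krbRealmContainer
cn: EXAMPLE.EDU

dn: ou=staging,cn=krbContainer,dc=example,dc=edu
objectClass: referral
ref: ldap://ldap-master.example.edu/ou=staging,cn=krbContainer,dc=example,dc=
 edu

dn: ou=tmp,cn=krbContainer,dc=example,dc=edu
objectClass: referral
ref:: {_ENC}
"""

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def suspicious_referrals(text, allowed=ALLOWED_HOSTS):
    """Return (dn, ref) pairs whose referral target host is not allow-listed."""
    return [(dn, ref)
            for dn, attrs in parse_ldif(text)
            for ref in attrs.get("ref", [])
            if (urlsplit(ref).hostname or "").lower() not in allowed]
```

Base64-encoded and folded ref values are decoded before comparison, so a referral cannot slip past the check by being stored in either form.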


