man in the middle on MIT kerberos
Nicolas Williams
Nicolas.Williams at sun.com
Fri Feb 27 14:42:59 EST 2009
On Thu, Feb 26, 2009 at 05:51:21PM +0530, Nikhil Mishra wrote:
> Is it possible to create a man in the middle in a kerberos environment , If
> I own admin privileges in all components of the traffic i.e ( windows
> KDC , windows based application , windows based client ) ?
In any trusted third party protocol, such as Kerberos and PKI, the
trusted third party can generally mount MITM attacks. In PKI the
trusted third party (the CA) can do it by issuing certs with which it
can impersonate principals to which it has issued certs. In Kerberos
the trusted third party (the KDC) can decrypt any ticket. (More or
less; I'm making some simplifying assumptions here.)
More information about the krbdev
mailing list