On Fri, Jun 25, 1999 at 03:31:23PM +1000, Brian May wrote: > Thanks - I think I understand now. I thought the users password was > somehow sent to the KDC server, but I guess I was... WRONG! (please tell me if I get anything wrong, but this is the way I understand it at this point in time) It seems that I was wrong when I said ssh was insecure compared with kerberos because of the requirement to store the private key (assuming you password protect it of course) to remove need for regular prompting of your password. I am not sure how ssh private keys a password protected, but I will assume for now it is secure. (Is it?) With Kerberos, *anyone* can request *any* tgt from the server, that is encrypted by the apropriate user's password. Hence, an intruder could request an encrypted tgt and, given time, crack it open. Even though that data might be useless by the time it has been cracked open, if the password was also revealed, the intruder could request a new update to date token and decrypt with the same password. I will have to think some more about how much a threat to security this really is. I suspect that may be entering a level of paranoia that no amount of encryption will solve ;-). However, I probably should retract what I said earlier. Of course, if this is really an issue, I guess you could regularly change your password (kerberos), which is considerably easier then updating all you private keys on different computers (ssh)... Comments anyone??? -- Brian May <bam@snoopy.apana.org.au>
Attachment:
pgpfIi3A7SN8D.pgp
Description: PGP signature