[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: ITP: pam-krb5

On Thu, 16 Nov 2000, Sean 'Shaleh' Perry wrote:

>> WARNING: for security reasons, you should not use this module for purposes
>> other than local login (xdm, login, etc.). Don't use it over a network
>> unless you _really_ know what you are doing.

> security reasons? why?

pam-krb5 fits nicely into the Kerberos security module so long as it's only
used for authenticating local logins; this is because pam-krb5 authenticates
by retrieving and correctly decrypting a Kerberos TGT (ticket-granting
ticket), which according to the Kerberos model should only ever be done on the
user's local machine.

If you use pam-krb5 for authenticating (e.g.) telnet or ftp, you'll
effectively negate the security advantages of using Kerberos, because you'll
be passing a cleartext password across the network before authenticating
against Kerberos.  For some people, plaintext passwords on a network are not
really an issue; but if you're using Kerberos as a backend it definitely /is/
an issue, because people may trust the security of the system "just because"
you're using Kerberos.

Steve Langasek
postmodern programmer

Reply to: