RE: ITP: pam-krb5

On Thu, 16 Nov 2000, Sean 'Shaleh' Perry wrote:

>> WARNING: for security reasons, you should not use this module for purposes
>> other than local login (xdm, login, etc.). Don't use it over a network
>> unless you _really_ know what you are doing.

> security reasons? why?

pam-krb5 fits nicely into the Kerberos security model so long as it's only
used for authenticating local logins; this is because pam-krb5 authenticates
by retrieving and correctly decrypting a Kerberos TGT (ticket-granting
ticket), which according to the Kerberos model should only ever be done on the
user's local machine.

If you use pam-krb5 for authenticating (e.g.) telnet or ftp, you'll
effectively negate the security advantages of using Kerberos, because you'll
be passing a cleartext password across the network before authenticating
against Kerberos.  For some people, plaintext passwords on a network are not
really an issue; but if you're using Kerberos as a backend it definitely /is/
an issue, because people may trust the security of the system "just because"
you're using Kerberos.

Steve Langasek
postmodern programmer
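The following is an added illustration, not part of the original thread and not code from pam-krb5 or any Kerberos implementation. It models the two login flows the reply contrasts with a toy KDC and a toy cipher (PBKDF2 as a stand-in for Kerberos string-to-key, an HMAC keystream plus tag as a stand-in for the AS-REP encryption; real Kerberos uses neither, and pre-authentication is omitted). Every host name, principal and password in it is constructed. The point it makes visible is that the password-derived key is needed only on whichever host decrypts the AS-REP: in the local-login flow nothing but the principal name and the encrypted ticket cross the network, whereas in the pam-krb5-behind-telnetd flow the password itself must first travel to the server.

```python
import hashlib
import hmac
import os

# Toy string-to-key (hypothetical; Kerberos uses enctype-specific KDFs).
def string_to_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # nonce || ciphertext || tag; stand-in for the AS-REP encrypted part
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key: cannot decrypt the ticket")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class ToyKDC:
    """Constructed KDC: stores a salt and password-derived key per principal."""
    def __init__(self):
        self._principals = {}

    def register(self, principal: str, password: str) -> None:
        salt = os.urandom(8)
        self._principals[principal] = (salt, string_to_key(password, salt))

    def as_exchange(self, principal: str):
        # Answers an AS-REQ: the TGT comes back encrypted under the user's key.
        salt, key = self._principals[principal]
        tgt = b"TGT:" + principal.encode() + b":" + os.urandom(16)
        return salt, toy_encrypt(key, tgt)

def kerberos_login(kdc, principal, password, wire, where):
    """Obtain and decrypt a TGT on host `where`; every network message is
    appended to `wire` as (sender, receiver, type, *payload)."""
    wire.append((where, "KDC", "AS-REQ", principal))
    salt, enc_part = kdc.as_exchange(principal)
    wire.append(("KDC", where, "AS-REP", enc_part))
    try:
        toy_decrypt(string_to_key(password, salt), enc_part)  # done on `where`
        return True
    except ValueError:
        return False

def local_login(kdc, principal, password, wire):
    # The Kerberos model: the TGT is decrypted on the user's own workstation.
    return kerberos_login(kdc, principal, password, wire, "workstation")

def telnet_login_with_pam_krb5(kdc, principal, password, wire):
    # pam-krb5 on a telnet/ftp server: the server needs the password to derive
    # the key, so the cleartext password crosses the network first.
    wire.append(("workstation", "telnetd", "LOGIN", principal, password))
    return kerberos_login(kdc, principal, password, wire, "telnetd")

def password_seen_on_wire(wire, password: str) -> bool:
    return any(password in message for message in wire)

if __name__ == "__main__":
    kdc = ToyKDC()
    kdc.register("alice", "s3cret")      # constructed principal and password
    for flow in (local_login, telnet_login_with_pam_krb5):
        wire = []
        ok = flow(kdc, "alice", "s3cret", wire)
        print(flow.__name__, "authenticated:", ok,
              "password on wire:", password_seen_on_wire(wire, "s3cret"))
```

Both flows authenticate successfully against the toy KDC; the difference lies entirely in what an observer on the network gets to see.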
