
Re: Kerberos on .debian.org?



>>>>> "Jason" == Jason Gunthorpe <jgg@debian.org> writes:

    >> This sounds like a good argument to me. However, the LDAP
    >> database is just as vulnerable... Isn't it?

    Jason> You cannot reverse a hashed password into something you can
    Jason> feed over the network to gain access. You can do that to a
    Jason> stolen KDC database.

I would assume that if you had physical access to the console of the
LDAP (or KDC) database, then you could also make changes to the
database, such as adding/modifying entries to suit[1]. Then an attacker
could have instant access to any of the computers. Or am I mistaken?

Note:

[1] perhaps an attacker could create another account with the same UID
(not sure if this would work or not), or perhaps he/she could save the
existing password, and replace it with a new one.
-- 
Brian May <bam@debian.org>
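
The distinction drawn in the quoted text above, as a simplified model added here (not part of the original message, and not real LDAP or Kerberos code). It assumes PBKDF2 as a stand-in for the string-to-key function and an HMAC over a nonce as a stand-in for the Kerberos proof of key possession; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: illustrative work factor only


def derive(secret: bytes, salt: bytes) -> bytes:
    """Stand-in for both the password hash and the string-to-key function."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


class HashedPasswordServer:
    """LDAP-style bind: the client submits the password, the server hashes it."""

    def __init__(self, password: bytes, salt: bytes):
        self.salt = salt
        self.stored = derive(password, salt)  # what a database thief obtains

    def bind(self, submitted: bytes) -> bool:
        return hmac.compare_digest(derive(submitted, self.salt), self.stored)


class SharedKeyServer:
    """KDC-style: the server stores the long-term key itself."""

    def __init__(self, password: bytes, salt: bytes):
        self.key = derive(password, salt)  # what a database thief obtains

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, nonce: bytes, proof: bytes) -> bool:
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)


def compare_stolen_entries() -> dict:
    salt, password = b"EXAMPLE.ORGalice", b"constructed-password"  # sample values
    ldap, kdc = HashedPasswordServer(password, salt), SharedKeyServer(password, salt)
    nonce = kdc.challenge()
    # The proof is computed from the stored key alone; the password is never used.
    proof_from_stored_key = hmac.new(kdc.key, nonce, hashlib.sha256).digest()
    return {
        "password_accepted": ldap.bind(password),
        "stored_hash_accepted_as_password": ldap.bind(ldap.stored),
        "stored_key_accepted_as_proof": kdc.verify(nonce, proof_from_stored_key),
    }


if __name__ == "__main__":
    print(compare_stolen_entries())
```

In this model the stored hash is rejected when replayed, because the server hashes it again, while the stored key is by itself sufficient to authenticate, which is why a KDC database needs stricter protection at rest than a store of hashed passwords.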


