
Re: Security issues with the PAM modules for Kerberos?



Yes, clearly SSL, SSH or something similar must be used to encrypt the
communication, so the interesting question is whether there are other
issues.

Arne

Torbjorn Pettersson wrote:
> 
> Arne Nordmark <arne.nordmark@mech.kth.se> writes:
> 
> > Hello,
> >
> > In the description for libpam-heimdal it says: "This module should only
> > be used for local logins unless you really know what you are doing". On
> > the other hand it is quite tempting to use it for IMAP servers etc, so
> > what are the issues? Is it that it is easy to make mistakes in
> > configuration, or that it is possible to spoof with a fake KDC, or that
> > the code is not considered well audited, or something else?
> >
> > Arne
> 
>  I'm not sure if they are referring to additional problems but
> the obvious one, but the obvious one would be using an
> unencrypted protocol to authenticate to pam with.....
> 
> //Tobbe
> --
> ######################################################################
> Torbjörn Pettersson               #  Email   tobbe@strul.nu
> Vattugatan 5                      #  Web     www.strul.nu/~tobbe
> S-111 52  Stockholm, Sweden       #
> ######################################################################

-- 
	Arne Nordmark		Tel: +46 8 - 790 71 92
	KTH/Mekanik		Fax: +46 8 - 723 04 75
	SE-100 44 STOCKHOLM	Internet: arne.nordmark@mech.kth.se
	Sweden


