Re: Security issues with the PAM modules for Kerberos?

To: Arne Nordmark <arne.nordmark@mech.kth.se>
Cc: debian-security@lists.debian.org
Subject: Re: Security issues with the PAM modules for Kerberos?
From: Brian May <bam@debian.org>
Date: Fri, 15 Feb 2002 10:46:15 +1100
Message-id: <[🔎] 20020214234614.GB1826@snoopy.apana.org.au>
In-reply-to: <[🔎] 3C6B7F54.5BB6E065@mech.kth.se>
References: <[🔎] 3C6B7F54.5BB6E065@mech.kth.se>

On Thu, Feb 14, 2002 at 10:11:48AM +0100, Arne Nordmark wrote:
> In the description for libpam-heimdal it says: "This module should only
> be used for local logins unless you really know what you are doing". On
> the other hand it is quite tempting to use it for IMAP servers etc, so
> what are the issues? Is it that it is easy to make misstakes in
> configuration, or that it is possible to spoof with a fake KDC, or that
> the code not is considered well audited, or something else?

Normally a big feature of Kerberos is that no server
(except the KDC of course) gets access to the users password
or the users ticket, or anything else that could be used to
forge the users identity.

The problem here is that the server gets access to the user's ticket.
Hence, if one server was compromised, then all the users accounts will
immediately be compromised too, and you get no additional security from
using Kerberos over sending passwords over an encrypted channel (whether
SSL or SSH based).

I have updated my FAQ at <http://snoopy.apana.org.au/~bam/debian/faq/>
to include this question, as it seems to be a very common question.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- Security issues with the PAM modules for Kerberos?
  - From: Arne Nordmark <arne.nordmark@mech.kth.se>

Prev by Date: Re: Un-installing inetd on Woody.
Next by Date: Why do I get mail for root of sunbird.aimcomm.com?
Previous by thread: Re: Security issues with the PAM modules for Kerberos?
Next by thread: is potato's cvs secure?
Index(es):
- Date
- Thread