Re: Security issues with the PAM modules for Kerberos?

On Thu, Feb 14, 2002 at 10:11:48AM +0100, Arne Nordmark wrote:
> In the description for libpam-heimdal it says: "This module should only
> be used for local logins unless you really know what you are doing". On
> the other hand it is quite tempting to use it for IMAP servers etc, so
> what are the issues? Is it that it is easy to make mistakes in
> configuration, or that it is possible to spoof with a fake KDC, or that
> the code is not considered well audited, or something else?

Normally a big feature of Kerberos is that no server
(except the KDC of course) gets access to the user's password
or the user's ticket, or anything else that could be used to
forge the user's identity.

The problem here is that the server gets access to the user's ticket.
Hence, if one server was compromised, then all the users' accounts will
immediately be compromised too, and you get no additional security from
using Kerberos over sending passwords over an encrypted channel (whether
SSL or SSH based).

I have updated my FAQ at <http://snoopy.apana.org.au/~bam/debian/faq/>
to include this question, as it seems to be a very common question.
Brian May <bam@debian.org>

