Re: Security issues with the PAM modules for Kerberos?

To: Arne Nordmark <arne.nordmark@mech.kth.se>
Cc: debian-security@lists.debian.org, bam@debian.org
Subject: Re: Security issues with the PAM modules for Kerberos?
From: Torbjorn Pettersson <tobbe@strul.nu>
Date: 14 Feb 2002 10:32:35 +0100
Message-id: <[🔎] 6t3d04flxo.fsf@friday.strul.nu>
In-reply-to: Arne Nordmark's message of "Thu, 14 Feb 2002 10:11:48 +0100"
References: <[🔎] 3C6B7F54.5BB6E065@mech.kth.se>

Arne Nordmark <arne.nordmark@mech.kth.se> writes:

> Hello,
> 
> In the description for libpam-heimdal it says: "This module should only
> be used for local logins unless you really know what you are doing". On
> the other hand it is quite tempting to use it for IMAP servers etc, so
> what are the issues? Is it that it is easy to make misstakes in
> configuration, or that it is possible to spoof with a fake KDC, or that
> the code not is considered well audited, or something else?
> 
> Arne

 I'm not sure if they are refering to additional problems but
the obvious one, but the obvious one would be using an
unencrypted protocol to authenticate to pam with.....

//Tobbe
-- 
######################################################################
Torbjörn Pettersson               #  Email   tobbe@strul.nu
Vattugatan 5                      #  Web     www.strul.nu/~tobbe
S-111 52  Stockholm, Sweden       #
######################################################################

Reply to:

Follow-Ups:
- Re: Security issues with the PAM modules for Kerberos?
  - From: Arne Nordmark <arne.nordmark@mech.kth.se>

References:
- Security issues with the PAM modules for Kerberos?
  - From: Arne Nordmark <arne.nordmark@mech.kth.se>

Prev by Date: Security issues with the PAM modules for Kerberos?
Next by Date: Re: Security issues with the PAM modules for Kerberos?
Previous by thread: Security issues with the PAM modules for Kerberos?
Next by thread: Re: Security issues with the PAM modules for Kerberos?
Index(es):
- Date
- Thread