Re: Security issues with the PAM modules for Kerberos?
Yes, clearly SSL, SSH or something similar must be used to encrypt the
communication, so the interesting question is whether there are other
issues.
Arne
Torbjorn Pettersson wrote:
>
> Arne Nordmark <arne.nordmark@mech.kth.se> writes:
>
> > Hello,
> >
> > In the description for libpam-heimdal it says: "This module should only
> > be used for local logins unless you really know what you are doing". On
> > the other hand it is quite tempting to use it for IMAP servers etc, so
> > what are the issues? Is it that it is easy to make mistakes in
> > configuration, or that it is possible to spoof with a fake KDC, or that
> > the code is not considered well audited, or something else?
> >
> > Arne
>
> I'm not sure if they are referring to additional problems but
> the obvious one, but the obvious one would be using an
> unencrypted protocol to authenticate to pam with.....
>
> //Tobbe
> --
> ######################################################################
> Torbjörn Pettersson # Email tobbe@strul.nu
> Vattugatan 5 # Web www.strul.nu/~tobbe
> S-111 52 Stockholm, Sweden #
> ######################################################################
--
Arne Nordmark Tel: +46 8 - 790 71 92
KTH/Mekanik Fax: +46 8 - 723 04 75
SE-100 44 STOCKHOLM Internet: arne.nordmark@mech.kth.se
Sweden