Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!ames!bionet!agate!shelby!MIT.EDU!jon
From: jon@MIT.EDU (Jon A. Rochlis)
Newsgroups: comp.protocols.kerberos
Subject: Re: Why is initial user authentication done the way it is?
Message-ID: <9006141917.AA19640@delwin.MIT.EDU>
Date: 14 Jun 90 19:17:51 GMT
References: <9006141836.AA11688@dduck.ctt.bellcore.com>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 15

You have this vulnerability with the current Kerberos TGT request protocol if you configure your login program to use the reply from Kerberos rather than the password in /etc/passwd for authentication. The workstation needs some way of knowing that it is talking to the real Kerberos. It could use its secret (in /etc/srvtab) for this purpose (requiring a change in the TGT request protocol).

Making use of the TGT so a workstation knows it's not been spoofed by a fake KDC is quite reasonable, *if* the workstation has a secret (i.e. a srvtab). It doesn't work well in a public workstation model, where there are no secrets on workstations.

-- Jon
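As an added illustration, not part of Jon's post or of any Kerberos implementation, here is a toy model of the login flow he describes. HMAC-sealed blobs stand in for Kerberos-encrypted replies, the principal names, the workstation key and the passwords are constructed, and the real TGS exchange is simplified to a direct request. It shows why a login program that trusts the KDC reply can be fooled by a fake KDC, and why the extra check only helps when the workstation holds a srvtab secret.

```python
import hashlib
import hmac
import os

TAG_LEN = 32


def string_to_key(password: str) -> bytes:
    # Toy string-to-key; real Kerberos salts with realm and principal name.
    return hashlib.sha256(password.encode()).digest()


def seal(key: bytes, payload: bytes) -> bytes:
    # Stand-in for a Kerberos enc-part: only a holder of `key` can produce or check it.
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def unseal(key: bytes, blob: bytes):
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    ok = hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest())
    return payload if ok else None


class KDC:
    """Real KDC: holds every principal's key, including the workstation's srvtab key."""
    def __init__(self, user_keys, host_keys):
        self.user_keys, self.host_keys = user_keys, host_keys

    def as_req(self, user):    # TGT reply, sealed under the user's key
        return seal(self.user_keys[user], b"TGT for " + user.encode())

    def tgs_req(self, user, host):    # service ticket, sealed under the host's key
        return seal(self.host_keys[host], b"ticket " + user.encode() + b"@" + host.encode())


class FakeKDC:
    """Impersonator: knows no real keys, only a password its operator will type at login."""
    def __init__(self, chosen_password):
        self.key = string_to_key(chosen_password)

    def as_req(self, user):
        return seal(self.key, b"TGT for " + user.encode())

    def tgs_req(self, user, host):
        return seal(os.urandom(32), b"forged")    # cannot seal under the real host key


def login(kdc, user, typed_password, srvtab_key=None):
    """Login that trusts the Kerberos reply. srvtab_key=None models a public workstation."""
    if unseal(string_to_key(typed_password), kdc.as_req(user)) is None:
        return "bad password"
    if srvtab_key is None:
        return "ok"    # no secret to check the KDC with: a fake KDC is accepted
    if unseal(srvtab_key, kdc.tgs_req(user, "host/ws")) is None:
        return "kdc spoofed"
    return "ok"


HOST_KEY = b"constructed-srvtab-key-for-host/ws"    # constructed sample value
REAL_KDC = KDC({"jon": string_to_key("correct horse")}, {"host/ws": HOST_KEY})
FAKE_KDC = FakeKDC("chosen-pw")
```

With `srvtab_key=None` the fake KDC is accepted whenever the typed password matches the one it was built with; with the host key supplied, the forged service ticket fails to unseal and the spoof is caught.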