Path: utzoo!attcan!uunet!cs.utexas.edu!samsung!usc!apple!bionet!agate!shelby!LINUS.MITRE.ORG!bede
From: bede@LINUS.MITRE.ORG
Newsgroups: comp.protocols.kerberos
Subject: RE: Why is initial user authentication done the way it is?
Message-ID: <9006151609.AA01015@frieda.mitre.org>
Date: 15 Jun 90 16:09:47 GMT
References: <9006151330.AA28394@dduck.ctt.bellcore.com>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 25

   Date: Fri, 15 Jun 90 09:30:20 -0400
   From: Steve Lunt

   Although with a modified kpasswd you can screen passwords which are
   set from your system, you cannot prevent a user from contacting the
   Kerberos server independent of your kpasswd and changing his password
   to something trivial. If the user has a copy of the old kpasswd, he
   can simply use that. Notice that kpasswd is not setuid.

Valid point, but I'm playing the game of preventing the Bad Guys from
trivially breaking password protection, as opposed to preventing a user
from doing something stupid. So if a user cobs up a back yard version
of (k)passwd for the sake of having a trivial password, there's not much
I can do but keep running my password cracker and freezing the login in
the hope that s/he eventually gets the message. In point of fact, I do
this already.

But we're drifting into general system administration matters here, and
Ted Anderson and others have raised some interesting questions more
germane to kerberos proper.

-Bede