Path: utzoo!attcan!uunet!samsung!umich!terminator!terminator.cc.umich.edu!wes
From: wes@terminator.cc.umich.edu (Wesley Craig)
Newsgroups: comp.protocols.kerberos
Subject: Re: Why is initial user authentication done the way it is?
Message-ID: <1990Jun15.170137.5454@terminator.cc.umich.edu>
Date: 15 Jun 90 17:01:37 GMT
References: <9006150126.AA22710@E40-008-10.MIT.EDU>
Sender: usenet@terminator.cc.umich.edu (usenet news)
Organization: U of Michigan, ITD Research Systems
Lines: 25

In article <9006150126.AA22710@E40-008-10.MIT.EDU> wesommer@ATHENA.MIT.EDU (Bill Sommerfeld) writes:
>Jon claims in his revised protocol that:
>
>    there is no way to get an encrypted ticket to bang on without
>    first proving to the server that you are who you claim to be.
>
>Sure there is.  All I have to do is get a valid TGT, and then ask the
>KDC for a ticket to jik@ATHENA.MIT.EDU.  The response will include a
>"ticket to jik", which will contain my name (and other things)
>encrypted in your key.  I can then bang on the ticket all I want in
>the privacy of my own CPU.

This is interesting, but really not as bad as the problem Jon and I
talked about.  The above *does* require a valid TGT, first.  Biff, of
course, doesn't have a valid TGT.  Unfortunately he doesn't need one,
either.

>Remember that in Kerberos there is no difference between users and
>servers.

If it weren't for the design flaws, getting a "ticket to jik" wouldn't
be a problem.  I can't think of any added security you'd get by
splitting users and servers, under a working authentication protocol.

	wes
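The following is an added worked example, not part of Wes's post and not code from any Kerberos release. It is a constructed toy KDC that shows both paths the thread argues about: Bill's, where a caller holding a valid TGT asks for a "ticket to jik" and gets ciphertext under jik's password-derived key to bang on offline, and the one Wes points at, where Biff needs no TGT at all because the initial (AS) reply is itself encrypted in the named user's key and the KDC hands it to anyone who asks. It also shows the remedy the thread leaves unstated, requiring the client to prove knowledge of the key before any reply is issued (what Kerberos 5 calls preauthentication), and Bill's point that users and servers are the same kind of principal: the identical guessing loop run against a server principal with a random key finds nothing, since the only difference is key entropy. Everything concrete here is an assumption of the example: the cipher (a SHA-256 keystream with an HMAC tag standing in for a real ticket's recognisable structure), the string_to_key function, the principal rcmd.host, the passwords, the wordlist and the 300-second timestamp window. The names jik and wesommer are borrowed from the post; their passwords are invented.

```python
# Added toy model of the exchanges under discussion; not Kerberos code.  The
# cipher, string-to-key, names, passwords and wordlist are all made up.
import hashlib
import hmac
import os
import time
from typing import Dict, List, NamedTuple, Optional

TAG_LEN = 8

def string_to_key(password: str) -> bytes:
    """Password-derived principal key (stand-in for Kerberos string_to_key)."""
    return hashlib.sha256(b"toy-s2k:" + password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || plaintext XOR keystream || tag.  The tag stands in for a real
    ticket's recognisable structure: it is how a guesser spots the right key."""
    nonce = os.urandom(8)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]

def toy_decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext if `key` fits `blob`, else None."""
    nonce, body, tag = blob[:8], blob[8:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()[:TAG_LEN]):
        return None
    return bytes(b ^ k for b, k in zip(body, _keystream(key, nonce, len(body))))

class AsReply(NamedTuple):
    tgt: bytes       # encrypted in the krbtgt key, opaque to the client
    enc_part: bytes  # encrypted in the *user's* key: this is what Biff bangs on

class ToyKDC:
    def __init__(self, principals: Dict[str, bytes]):
        self.keys = dict(principals)      # users and servers share one table
        self.tgs_key = os.urandom(32)     # krbtgt key, never leaves the KDC

    def _ticket(self, client: str, service: str, key: bytes) -> bytes:
        body = f"TKT client={client} service={service} session={os.urandom(16).hex()}"
        return toy_encrypt(key, body.encode())

    def as_request(self, client: str) -> AsReply:
        """No preauthentication: anyone who names a principal receives
        ciphertext under that principal's password-derived key."""
        tgt = self._ticket(client, "krbtgt", self.tgs_key)
        return AsReply(tgt, toy_encrypt(self.keys[client], f"ASREP client={client}".encode()))

    def as_request_preauth(self, client: str, pa_data: Optional[bytes]) -> AsReply:
        """Kerberos 5 style: prove knowledge of the key with a fresh encrypted
        timestamp before any reply is issued (300 s window is a made-up choice)."""
        if pa_data is None:
            raise PermissionError("preauthentication required")
        stamp = toy_decrypt(self.keys[client], pa_data)
        if stamp is None or abs(time.time() - float(stamp.decode())) > 300:
            raise PermissionError("preauthentication failed")
        return self.as_request(client)

    def tgs_request(self, tgt: bytes, service: str) -> bytes:
        """A valid TGT buys a ticket to *any* principal, encrypted in that
        principal's key: the path Bill describes."""
        body = toy_decrypt(self.tgs_key, tgt)
        if body is None:
            raise PermissionError("bad TGT")
        fields = dict(kv.split("=", 1) for kv in body.decode().split()[1:])
        return self._ticket(fields["client"], service, self.keys[service])

def build_preauth(password: str) -> bytes:
    return toy_encrypt(string_to_key(password), str(time.time()).encode())

def offline_guess(blob: bytes, wordlist: List[str]) -> Optional[str]:
    """Biff's loop: try candidates against KDC-issued ciphertext, offline."""
    for candidate in wordlist:
        if toy_decrypt(string_to_key(candidate), blob) is not None:
            return candidate
    return None

def demo() -> dict:
    wordlist = ["password", "athena", "kerberos", "cornflakes"]  # constructed
    kdc = ToyKDC({"jik": string_to_key("cornflakes"),  # user, password-derived key
                  "wesommer": string_to_key("athena"),  # user who can log in
                  "rcmd.host": os.urandom(32)})  # server, random key (made up)
    bill = kdc.as_request_preauth("wesommer", build_preauth("athena"))
    try:
        kdc.as_request_preauth("jik", None)
        blocked = False
    except PermissionError:
        blocked = True
    return {
        # Biff has no TGT and needs none: the AS reply alone is enough to bang on.
        "biff_no_tgt": offline_guess(kdc.as_request("jik").enc_part, wordlist),
        # Bill's path: a valid TGT buys a "ticket to jik" to bang on instead.
        "bill_with_tgt": offline_guess(kdc.tgs_request(bill.tgt, "jik"), wordlist),
        # Same loop against a server principal with a random key: nothing to find.
        "server_ticket": offline_guess(kdc.tgs_request(bill.tgt, "rcmd.host"), wordlist),
        # With preauthentication Biff is handed no ciphertext at all.
        "preauth_blocks_biff": blocked,
    }
```

Calling demo() returns "cornflakes" for both the no-TGT and the with-TGT paths, None for the server ticket, and True for the preauthentication check. Two caveats on the model: a real Kerberos 4 guesser recognised the right key from the structure of the decrypted ticket rather than from a MAC, so the HMAC tag here only makes that check explicit; and preauthentication closes Biff's path but not Bill's, since a legitimately obtained TGT still buys a ticket encrypted in jik's password-derived key, which is exactly why Wes treats the two problems as different in kind.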