Path: utzoo!utgpu!watserv1!watmath!att!linac!midway!ncar!elroy.jpl.nasa.gov!usc!zaphod!think.com!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jon
From: jon@athena.mit.edu (Jon A. Rochlis)
Newsgroups: comp.protocols.iso.dev-environ
Subject: Re: ISODE patches for Kerberos
Keywords: Kerberos
Message-ID: <1991Jan15.191554.29294@athena.mit.edu>
Date: 15 Jan 91 19:15:54 GMT
References: <9101130147.aa02165@stork.doc.ic.ac.uk>
Sender: news@athena.mit.edu (News system)
Distribution: inet
Organization: Massachusetts Institute of Technology
Lines: 13

While it's nice to see people adapting Kerberos for their needs, I must point out two problems with this use of Kerberos:

1) You're not getting any increase in security because you are still sending the user's password in the clear. The only thing you're gaining is not having to maintain a password file(s).

2) Just getting an initial ticket is not sufficient to prove your identity. You've violated the basic assumption of client/server *each* sharing a secret with the KDC. Where there's only one secret the user can spoof the KDC and fool the server in question. Take a look at MIT's ksu.c for a way around this (which requires the server to have a secret).
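As an added illustration of the post's second point (this is not code from the post, from ISODE, or from MIT's ksu.c): a toy Python model of the AS and TGS exchanges in which the client first does the password-only check and then the ksu-style check of a ticket for its own host principal against the key in its local keytab. The toy cipher, the principal names and the keys are constructed for the example and stand in for real Kerberos enctypes and keytabs.

```python
import hashlib, hmac, os
# Toy authenticated encryption standing in for a Kerberos enctype (not real Kerberos
# crypto). One SHA-256 block of keystream, so plaintexts are capped at 32 bytes.
def toy_encrypt(key: bytes, msg: bytes) -> bytes:
    assert len(msg) <= 32
    nonce = os.urandom(16)
    stream = hashlib.sha256(key + nonce).digest()
    ct = bytes(m ^ s for m, s in zip(msg, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("does not decrypt under this key")
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def string_to_key(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()  # toy string-to-key

class KDC:
    def __init__(self, keys: dict):
        self.keys = keys  # principal name -> long-term key (user, host service, krbtgt)

    def as_exchange(self, client: str):
        # AS-REP: session key returned under the client's key; TGT sealed under krbtgt's key.
        sess = os.urandom(16)
        enc_part = toy_encrypt(self.keys[client], sess)
        tgt = toy_encrypt(self.keys["krbtgt"], client.encode() + b"|" + sess)
        return enc_part, tgt

    def tgs_exchange(self, tgt: bytes, service: str) -> bytes:
        # TGS-REP: service ticket sealed under the *service's* key and naming the client.
        client = toy_decrypt(self.keys["krbtgt"], tgt).split(b"|")[0]
        return toy_encrypt(self.keys[service], client + b"|" + os.urandom(8))

def login(kdc: KDC, user: str, password: str):
    # Decrypting the AS-REP proves only that the responder knew the user's key.
    enc_part, tgt = kdc.as_exchange(user)
    return toy_decrypt(string_to_key(password), enc_part), tgt

def verify_initial_ticket(kdc: KDC, user: str, tgt: bytes, host_service: str, keytab_key: bytes) -> bool:
    # ksu-style check: request a ticket for this host's own service principal and
    # confirm it decrypts under the local keytab key and names the caller.
    try:
        client = toy_decrypt(keytab_key, kdc.tgs_exchange(tgt, host_service)).split(b"|")[0]
    except ValueError:
        return False
    return client == user.encode()
```

A responder that knows only the user's key passes `login` but fails `verify_initial_ticket`, which is exactly the gap the post describes.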