Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!sun-barr!newstop!exodus!red-dwarf!pallas
From: pallas@eng.sun.com (Joseph Pallas)
Newsgroups: comp.protocols.kerberos
Subject: Re: setup of kerberos
Message-ID:
Date: 8 Apr 91 19:54:11 GMT
References: <1991Apr5.200458.6549@kpc.com> <9104062139.AA09007@tsx-11.MIT.EDU>
Sender: news@exodus.Eng.Sun.COM
Lines: 30

In <9104062139.AA09007@tsx-11.MIT.EDU> tytso@ATHENA.MIT.EDU (Theodore Ts'o) writes:

>The reason behind this is security. Kerberos tickets are only
>good on one host, so that if someone steals your tickets, they can
>only use them to compromise you on the host they originally came
>from.

Unless, of course, the thief has the skills of a typical undergraduate.

>Both using kinit and rkinit require that you type your password over
>again, but that's the price you pay for security.

Funny, I thought the whole point of Kerberos's Ticket-Granting Ticket
was so you don't have to type your password all the time. Where does
the price of security go in that case?

>In Kerberos Version 5, "forwardable" tickets can be created (although
>the KDC can be compiled to disallow them, depending on the site
>policies) which allow you to forward tickets from Host A to Host B
>without needing to type your password over again. Of course, this opens
>up a minor security hole, but some users demand convenience at any
>cost....

It's hard to see how this "opens up" a security hole. Either Kerberos
depends on host addresses or it doesn't. If it does, there's a security
hole. If it doesn't, forwarding tickets won't create one.

joe
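The address-binding and forwarding behaviour the two posters are arguing about, as an added toy model (not MIT Kerberos code, not from either poster): tickets carry a client address list, a service checks the presenter's address against it, and a forwardable TGT can be re-issued by the TGS for a new host without the password. All names and hosts are constructed.

```python
from dataclasses import dataclass, replace

# Constructed model of Kerberos address-bound tickets. Field names follow
# the protocol's vocabulary (caddr, forwardable) but are simplified.


@dataclass(frozen=True)
class Ticket:
    principal: str
    service: str
    caddr: frozenset        # client addresses the ticket may be used from
    forwardable: bool = False


def kinit(principal, host_addr, forwardable=False):
    """Initial TGT, obtained with the password, bound to the requesting host."""
    return Ticket(principal, "krbtgt", frozenset({host_addr}), forwardable)


def service_accepts(ticket, client_addr):
    """A Kerberized service compares the presenting client's address with caddr.
    This is the check that makes a copied ticket useless from another host."""
    return client_addr in ticket.caddr


def tgs_forward(tgt, presenter_addr, new_host_addr):
    """TGS issues a TGT bound to new_host_addr from a forwardable TGT.
    The existing TGT must itself be valid from the presenter's address,
    so a ticket copied to another host cannot be 'forwarded' from there."""
    if not service_accepts(tgt, presenter_addr):
        raise PermissionError("TGT not valid from this address")
    if not tgt.forwardable:
        raise PermissionError("TGT not forwardable; kinit again on the new host")
    return replace(tgt, caddr=frozenset({new_host_addr}))


def demo():
    """Walk through the scenario from the thread: host_a -> host_b."""
    plain = kinit("joe", "host_a")
    fwd = kinit("joe", "host_a", forwardable=True)
    moved = tgs_forward(fwd, "host_a", "host_b")   # legitimate forward
    return {
        "copied_ticket_used_from_host_b": service_accepts(plain, "host_b"),
        "forwarded_ticket_valid_on_host_b": service_accepts(moved, "host_b"),
        "forwarded_ticket_still_valid_on_host_a": service_accepts(moved, "host_a"),
    }


if __name__ == "__main__":
    print(demo())
```

The model shows where Pallas's point lands: forwarding does not weaken the address check itself; it only lets the KDC mint a ticket for the second host on the strength of the first one.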