[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kerberos and Hesiod?

   From: joda@pdc.kth.se (Johan Danielsson)
   Date: 13 Oct 1997 13:25:49 +0200

   > > > I'd like them to use Kerberos V for user authentication, and Hesiod
   > > > for all the uid/gid and /etc/passwd stuff.
   > > 
   > > This sounds like a nice security hole to me.

   >      Say what?

   Since Hesiod is insecure, can't I just tell your machine that `joda'
   has uid 0 when logging in?

Yup.  Project Athena uses hesiod to set the user id's, but that's on
public workstations where the user id's don't really have much meaning
anyway.  (i.e., user files aren't stored on public workstation, and the
remote filesystems --- AFS and NFS --- are Kerberos authenticated)

Root is the easy case; you simply special case out root, just as you
probably want to special case out root if you're using non-Kerberos
authenticated NFS filesystem mounts.  The real killer is user's getting
at other user's file.  

This happens to not be a problem for public cluster workstations since
only one user logs in at a time and (as I've mentioned already) users
don't store user files on the public cluster machine.  

But yes, otherwise, using Hesiod for uid/gid information is a problem.

						- Ted

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []