Subject: Re: ssh - are you nuts?!?
To: None <>
From: None <>
List: tech-security
Date: 12/30/2000 17:23:35
On 20 Dec, Chris Jones wrote:
> writes:
>> On 17 Dec, Jason R Thorpe wrote:
>> > To be fair, you can also have this with Kerberos 5 -- acquire a TGT
>> > with forwardable credentials, and then tell whatever you're using to
>> > forward them:
>> > 
>> I'm not clear on what this means. Can you expand on this?
> When you log in to a Kerberos system, it issues you a Ticket Granting
> Ticket, which represents your identity.  When you telnet to another
> system, Kerberos will try to authenticate you to the remote system by
> requesting a service ticket, on the strength of the TGT it already has
> for you.  In addition, if you configure it to do so, it can forward
> the TGT to the remote host.  Here's the difference:
> With no TGT forwarding, you login at A, typing your Kerberos
> password.  Then you telnet to B, and you don't have to type your
> password.  Then you telnet from B to C, and you *do* have to type your
> password, because B doesn't have your TGT; it only has a service
> ticket for telnet or login.
> With TGT forwarding, you login at A, using your Kerberos password.
> Then you telnet to B, and it sends your TGT along to B.  Then you
> telnet from B to C, and you can again login without a password.
> The clincher is this:  Do you trust the administrator of B not to
> steal your TGT, once you transfer it to that system?
> Kerberos is really quite well thought out.  I believe there's some
> good documentation on the design decisions, available from MIT
> somewhere.
The one problem I see with this design, as with many, is that
if your TGT is hijacked in the opening session, all other
systems are vunerable to similar hijacking. 

Can I get your opinin on this, and of course, anyone else
readin this?