Subject: Re: ssh - are you nuts?!?
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 12/30/2000 17:23:35
On 20 Dec, Chris Jones wrote:
> email@example.com writes:
>> On 17 Dec, Jason R Thorpe wrote:
>> > To be fair, you can also have this with Kerberos 5 -- acquire a TGT
>> > with forwardable credentials, and then tell whatever you're using to
>> > forward them:
>> I'm not clear on what this means. Can you expand on this?
> When you log in to a Kerberos system, it issues you a Ticket Granting
> Ticket, which represents your identity. When you telnet to another
> system, Kerberos will try to authenticate you to the remote system by
> requesting a service ticket, on the strength of the TGT it already has
> for you. In addition, if you configure it to do so, it can forward
> the TGT to the remote host. Here's the difference:
> With no TGT forwarding, you login at A, typing your Kerberos
> password. Then you telnet to B, and you don't have to type your
> password. Then you telnet from B to C, and you *do* have to type your
> password, because B doesn't have your TGT; it only has a service
> ticket for telnet or login.
> With TGT forwarding, you login at A, using your Kerberos password.
> Then you telnet to B, and it sends your TGT along to B. Then you
> telnet from B to C, and you can again login without a password.
> The clincher is this: Do you trust the administrator of B not to
> steal your TGT, once you transfer it to that system?
> Kerberos is really quite well thought out. I believe there's some
> good documentation on the design decisions, available from MIT
The one problem I see with this design, as with many, is that
if your TGT is hijacked in the opening session, all other
systems are vunerable to similar hijacking.
Can I get your opinin on this, and of course, anyone else