On Wednesday, Feb 19, 2003, at 23:19 US/Pacific, Gordon Messmer wrote:

> On Wed, 2003-02-19 at 21:54, John Rudd wrote:
>
> > On Wednesday, Feb 19, 2003, at 15:05 US/Pacific, Brian Candler wrote:
> >
> > > I am not quite sure what you're getting at. You cannot design a password-based authentication system where there is neither a 'cleartext' shared secret at the server, nor a 'cleartext' password sent over the wire.
> >
> > Bzzt. Wrong. Thanks for playing.
> >
> > Use Kerberos, with Kerberized POP, SASL Kerberos v4, or SASL Kerberos v5.
> >
> > It does _EXACTLY_ what your first paragraph says you cannot design, and does so without public-key authentication.
>
> No it doesn't.

Yes, it does.

> > 1) the keys are encrypted in the KDC, not plain text
>
> You're mistaken. The KDC stores plain text passwords. The password is what it uses as the encryption key on tickets. How else do you think they are encrypted by the KDC and then decrypted only by the user requesting the TGT?
>
> http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#weakness

Because the KDC knows the master key, and the master key is what is used to _encrypt_the_database_. If you want to access the key database directly, YOU have to know the master key pass-phrase too. You cannot just look in the database using the appropriate database tools (for whatever database engine you're using), because the entries are all encrypted. If you (the kerberos administrator) forget the master key pass-phrase, you're kinda screwed.

(nothing Ken said contradicts what I have asserted)

From what I recall, what the KDC stores isn't even "your encrypted password". It stores a ticket that is encrypted with your password. This encrypted ticket is then re-encrypted with the master key when it is stored in the KDC. So, when you request an authentication with 'kinit', kinit sends a request to the KDC, the KDC decrypts your database entry with the master key (leaving it still encrypted with your password/pass-phrase). Then it sends you THAT (with some other operations performed upon it to make it have a lifetime, etc.), and that's what arrives at your computer. You then try to decrypt the ticket using your password. If kinit can decrypt the ticket with your password, then obviously you have the right password for your user/principal name and you can then use that ticket to decrypt service tickets (service tickets are used for authentication to services offered by hosts). If the password you gave doesn't decrypt the ticket, then the authentication fails.

So,

1) KDC doesn't store authentication data unencrypted

2) Your password is never sent across the wire in an unencrypted form (and I'm pretty sure it's never sent across the wire at all)

> > 2) the mechanism is 'shared secret' based
>
> Which means that the server and the user both know the password. They share that secret.

No. That is not the secret that they share. The shared secret is the ticket granting ticket.
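As an added illustration, not part of the thread and not code from Courier, MIT Kerberos or any poster: a toy Python model of the Kerberos AS (initial authentication) exchange the posts argue about, shaped after RFC 4120. It assumes a stdlib-only stand-in for the Kerberos encryption types (an HMAC-SHA256 keystream with an encrypt-then-MAC tag) and an illustrative PBKDF2 string-to-key; the realm, principal, passwords, master passphrase and clock-skew window are constructed values. It shows the three points under dispute: what the KDC database record holds (a key derived from the password, wrapped under the master key, not the password itself), that no password crosses the wire in either direction, and that pre-authentication is what stops the reply from being handed to anyone who asks for it.

```python
"""Toy model of the Kerberos AS exchange (added example; assumptions noted in comments)."""
import hashlib
import hmac
import json
import secrets
import time

NONCE_LEN, TAG_LEN = 16, 32


def string_to_key(password: str, salt: str) -> bytes:
    """Derive a long-term key from a password (illustrative stand-in for RFC 3962 string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with stdlib HMAC; a toy stand-in for a Kerberos encryption type."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was altered."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class KDC:
    """Minimal authentication service with a master-key-wrapped principal database."""

    def __init__(self, realm: str, master_passphrase: str):
        self.realm = realm
        self.master_key = string_to_key(master_passphrase, "K/M@" + realm)
        self.tgs_key = secrets.token_bytes(32)  # long-term key of krbtgt/REALM
        self.db = {}                            # principal -> wrapped long-term key

    def add_principal(self, principal: str, password: str) -> None:
        # The record on disk is the derived key wrapped under the master key;
        # the password itself is never written anywhere.
        key = string_to_key(password, self.realm + principal)
        self.db[principal] = seal(self.master_key, key)

    def as_exchange(self, principal: str, preauth: bytes) -> tuple:
        client_key = unseal(self.master_key, self.db[principal])
        # Pre-authentication (RFC 4120 PA-ENC-TIMESTAMP): the client proves it holds the
        # key before the KDC releases anything encrypted under it. Without this step the
        # KDC would answer any requester, and the reply could be guessed against offline.
        timestamp = int(unseal(client_key, preauth).decode())
        if abs(time.time() - timestamp) > 300:  # constructed clock-skew window
            raise ValueError("pre-authentication timestamp outside allowed skew")
        session_key = secrets.token_bytes(32)
        # The TGT is readable only by the TGS; the enc-part only by the client.
        tgt = seal(self.tgs_key, json.dumps({"client": principal, "sk": session_key.hex()}).encode())
        enc_part = seal(client_key, json.dumps({"sk": session_key.hex()}).encode())
        return tgt, enc_part


def kinit(kdc: KDC, principal: str, password: str, wire: list) -> dict:
    """Client side: derive the key locally, run the AS exchange, decrypt the reply."""
    client_key = string_to_key(password, kdc.realm + principal)
    preauth = seal(client_key, str(int(time.time())).encode())
    wire.append(("AS_REQ", principal.encode() + preauth))
    tgt, enc_part = kdc.as_exchange(principal, preauth)
    wire.append(("AS_REP", tgt + enc_part))
    creds = json.loads(unseal(client_key, enc_part))  # fails if the password was wrong
    return {"tgt": tgt, "session_key": bytes.fromhex(creds["sk"])}


def demo() -> dict:
    """One good and one bad login; reports what was stored and sent (constructed values)."""
    kdc = KDC("EXAMPLE.ORG", "master-passphrase-example")
    password = "correct horse battery staple"
    kdc.add_principal("alice", password)
    wire = []
    creds = kinit(kdc, "alice", password, wire)
    tgs_view = json.loads(unseal(kdc.tgs_key, creds["tgt"]))  # what the TGS later sees
    try:
        kinit(kdc, "alice", "wrong password", wire)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    pw = password.encode()
    return {
        "password_on_wire": any(pw in msg for _, msg in wire),
        "password_in_db": any(pw in rec for rec in kdc.db.values()),
        "tgs_agrees": bytes.fromhex(tgs_view["sk"]) == creds["session_key"],
        "wrong_password_rejected": wrong_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The property that settles the "shared secret" wording: the KDC and the client both hold a key derived from the password, but neither the password nor that key is transmitted; the only thing the client ever sends under it is the pre-authentication timestamp, and a wrong password fails the integrity check at the KDC before any reply is issued.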
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
