If a Windows 2000 service is not running as the local system account,
then the Local Security Authority will contact the KDC to validate
the authorisation data in the ticket. This is to prevent a service
running with least privilege from forging a ticket to itself with
more privileged authorisation data.

In practice only the Local Security Authority has access to the
service key so this attack would not be possible. It certainly adds
a layer of complexity as far as interoperability is concerned.

-- Luke

>From: [EMAIL PROTECTED] (Tony Cowan)
>Subject: Re: Architectural Question ...
>To: [EMAIL PROTECTED]
>Date: 6 Feb 2003 06:03:30 -0800
>Organization: http://groups.google.com/
>
>> No, that's the beauty of Kerberos.
>
>Thanks Luke.
>Someone tells me they've been sniffing and found that one particular
>implementation does in fact hit the KDC to validate the ticket.
>I wonder if it's actually hitting the KDC for some other purpose.
>Getting further information perhaps .. I guess the "session" key
>should be in the original message, so it shouldn't need to fetch that
>... I wonder what else it might be.
>
>Cheers,
>Tc.
>________________________________________________
>Kerberos mailing list           [EMAIL PROTECTED]
>https://mailman.mit.edu/mailman/listinfo/kerberos

--
Luke Howard | PADL Software Pty Ltd | www.padl.com
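
The validation step described in the message above, as an added example that is not part of the original thread or of any Windows or Kerberos code. It is a simplified model: HMAC-SHA256 stands in for the Kerberos checksums, and the two-checksum layout and the names ToyKDC, accept_local_only and accept_with_kdc_check are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed checksum (HMAC-SHA256 as a stand-in for a Kerberos checksum)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class ToyKDC:
    """Hypothetical KDC: holds a key that services never see."""

    def __init__(self) -> None:
        self._kdc_key = os.urandom(32)

    def issue(self, service_key: bytes, authz: bytes) -> dict:
        # The service-key checksum covers the authorisation data;
        # the KDC-key checksum covers the service-key checksum.
        server_sig = mac(service_key, authz)
        return {"authz": authz, "server_sig": server_sig,
                "kdc_sig": mac(self._kdc_key, server_sig)}

    def validate(self, server_sig: bytes, kdc_sig: bytes) -> bool:
        # The round trip the message describes: only the KDC can check this.
        return hmac.compare_digest(mac(self._kdc_key, server_sig), kdc_sig)


def accept_local_only(service_key: bytes, ticket: dict) -> bool:
    """Check only what the service key can verify (no KDC contact)."""
    expected = mac(service_key, ticket["authz"])
    return hmac.compare_digest(expected, ticket["server_sig"])


def accept_with_kdc_check(service_key: bytes, ticket: dict, kdc: ToyKDC) -> bool:
    """Local check plus validation of the authorisation data by the KDC."""
    return (accept_local_only(service_key, ticket)
            and kdc.validate(ticket["server_sig"], ticket["kdc_sig"]))


def demo() -> dict:
    kdc, service_key = ToyKDC(), os.urandom(32)
    genuine = kdc.issue(service_key, b"user=alice;groups=users")  # constructed data
    # Authorisation data changed and re-checksummed with the service key alone.
    altered_authz = b"user=alice;groups=admins"
    altered = dict(genuine, authz=altered_authz,
                   server_sig=mac(service_key, altered_authz))
    return {"genuine_local": accept_local_only(service_key, genuine),
            "genuine_kdc": accept_with_kdc_check(service_key, genuine, kdc),
            "altered_local": accept_local_only(service_key, altered),
            "altered_kdc": accept_with_kdc_check(service_key, altered, kdc)}
```

In this model the altered data passes the service-key check but fails once the KDC is consulted, which is the case the extra round trip exists to catch.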