> And what prevents a Kerberos server from being compromised? Any
> system can have a root-kit installed on it.

I am hoping that this is not flame bait...

Clearly, unless you want to reinvent the classic idea
of provably correct systems, you will/must make some
tradeoffs in the real world because provable security
is never affordable just as affordable security is
never provable.

As such, single purpose machines running open-source
security code on stripped platforms, watched like a
hawk by competent paranoids, and speaking only well
beaten crypto over well beaten protocols will win.

Kerberos fits that bill to a Tee; you can bust into
the inner sanctum, grab the KDC, and dive out the
window into your waiting getaway vehicle only to
discover that what you have is a brick. You can try to
remotely attack it and install whatever you want, but
there is very little attack surface plus you'll have to
be smarter/luckier than the several hundred genuine
worthies who've already come up dry. If you want to
find something to fear in a large scale Kerberos plant,
fear keystroke capture on serially reusable client
machines or the ever-available "key purchase" attack.

--dan
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos