Srinivas Kakde wrote:

This message says: From a security standpoint, allowing the server to specify its service principal is a "bad idea".

Why is it a bad idea?

It is a bad idea because it permits an untrusted party, the server you want to communicate with, to decide who it is that the client is trying to authenticate to. It would be like walking down the street looking for an undercover police officer and instead finding a drug dealer. You decide to authenticate the undercover officer by calling the police precinct but instead of using a phone number for the precinct that you obtained from the Verizon phone book you ask the drug dealer for the phone number of the precinct. When you call the provided number, his accomplice answers and confirms that he is in fact a police officer.

The security of the authentication is based upon the name. By asking you to authenticate to a name selected by the attacker, you can be tricked into using a KDC that is in fact under the control of the attacker.
Jeffrey Altman

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
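
The point made in the reply above, as an added example that is not part of the original message or of any Kerberos implementation: a simplified Python model of how a client chooses the service principal it requests a ticket for, with the weak choice beside the hardened one. The function names, the `DOMAIN_REALM` mapping, the host names and the realm names are all constructed for illustration.

```python
# Simplified model (not a real Kerberos library): how a client picks the
# service principal it will request a ticket for.

# Constructed client-side configuration, in the spirit of a host-to-realm map.
DOMAIN_REALM = {".example.com": "EXAMPLE.COM"}


def realm_for_host(host):
    """Map a hostname to a realm using only local, trusted configuration."""
    host = host.lower().rstrip(".")
    for suffix, realm in DOMAIN_REALM.items():
        if host == suffix.lstrip(".") or host.endswith(suffix):
            return realm
    raise LookupError(f"no locally configured realm for {host!r}")


def local_principal(service, host):
    """Principal derived from what the user asked for, not from the peer."""
    host = host.lower().rstrip(".")
    return f"{service}/{host}@{realm_for_host(host)}"


def unsafe_target(service, host, server_hint=None):
    """Weak behaviour: accept whatever principal the server announces."""
    return server_hint or local_principal(service, host)


def safe_target(service, host, server_hint=None):
    """Hardened behaviour: the hint is never used to choose the name.

    A hint that disagrees with the locally derived name is reported so it
    can be logged; authentication still targets the local name.
    """
    expected = local_principal(service, host)
    mismatch = server_hint is not None and server_hint != expected
    return expected, mismatch


# Constructed hint naming a realm the client has no reason to trust.
ROGUE_HINT = "imap/mail.example.com@ATTACKER.TEST"

if __name__ == "__main__":
    print("unsafe:", unsafe_target("imap", "mail.example.com", ROGUE_HINT))
    print("safe:  ", safe_target("imap", "mail.example.com", ROGUE_HINT))
```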