On 04/25/2014 11:49 PM, Ben H wrote:
> Based on your prior explanation I can't help but infer this means that
> although the new forwardable TGT session key may be different than my
> original TGT, it is still shared between all hosts that I delegate to,
> leading to a possible attack against all systems should one be
> compromised?

It's debatable whether this qualifies as an "attack." If one of the target hosts goes rogue with the forwarded TGT, it can impersonate the client principal and take arbitrary actions on that principal's behalf. Being able to also decrypt the traffic of other target hosts is a relatively small escalation in comparison, but it is an escalation of sorts.

> Is this the reason that MIT chooses to request a new TGT
> for each connection?

Yes, this is the main security concern we would have about changing the MIT krb5 behavior to use one forwarded TGT for all forwarding operations. It's possible that we might change it anyway, as it can have a major impact on performance for HTTP negotiation.
