unified authentication

Tillman Hodgson tillman at seekingfire.com
Thu Sep 25 07:32:53 PDT 2003


On Wed, Sep 24, 2003 at 11:10:55PM -0700, Jason Stone wrote:
> > > Well, it's worse than that - since the packets are not authenticated in
> > > any way, an active attacker doesn't need to crack passwords - he can just
> > > inject his own packets which can have crypted passwords that he knows.
> >
> > Which is why I use NIS with Kerberos - the passwords aren't in the NIS
> > maps and injected fake users won't be authenticated by Kerberos.
> 
> Okay, but I can still set jason's uid the same as tillman's and then use
> his dot-files to alias his ssh to a trojan.  Or set jason's uid to zero....

How is this attacker injecting packets onto the network? They must have
obtained root on the local machine. If they have root on the local
machine they can trojan files /anyway/. They can change UIDs around all
they want. This situation is dangerous no matter what network
authorization system is in use.

Running NIS over IPsec would be better, of course, just as running
/anything/ over IPsec is generally better. But I don't think that it's
trivial to compromise Kerberos+NIS as a regular user.

-T


-- 
All beings are Buddha. All beings are the truth, just as they are.
	Robert Aitken


More information about the freebsd-security mailing list
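
The UID tampering discussed in this thread (one account given another account's UID, or UID 0) can be checked for in the account data a client receives from NIS. This is an added example, not part of the original message: it assumes passwd-style `name:password:uid:...` lines such as `ypcat passwd` prints, and the sample entries and the `MIN_NIS_UID` policy value are constructed.

```python
from collections import defaultdict

# Constructed sample data, not taken from any real system.
LOCAL_PASSWD = "root:*:0:0:Charlie &:/root:/bin/csh\n"
NIS_PASSWD = """\
tillman:*:1001:1001:Tillman:/home/tillman:/bin/sh
jason:*:1001:1002:Jason:/home/jason:/bin/sh
mallory:*:0:0:Mallory:/home/mallory:/bin/sh
broken-line-without-fields
"""
MIN_NIS_UID = 1000  # assumption: site policy keeps lower UIDs for local accounts


def parse(text):
    """Yield (name, uid) from passwd-style lines; uid is None if malformed."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):  # comments, compat markers
            continue
        fields = line.split(":")
        ok = len(fields) >= 3 and fields[2].isascii() and fields[2].isdigit()
        yield fields[0], int(fields[2]) if ok else None


def audit(nis_text, local_text, min_uid=MIN_NIS_UID):
    """Return sorted (name, reason) findings for suspicious NIS entries."""
    local_by_uid = {uid: name for name, uid in parse(local_text) if uid is not None}
    findings, seen = [], defaultdict(list)
    for name, uid in parse(nis_text):
        if uid is None:
            findings.append((name, "malformed entry"))
            continue
        if uid == 0:
            findings.append((name, "uid 0 served by NIS"))
        elif uid < min_uid:
            findings.append((name, f"uid {uid} below NIS minimum {min_uid}"))
        if uid in local_by_uid:
            findings.append((name, f"uid {uid} collides with local account {local_by_uid[uid]}"))
        seen[uid].append(name)
    for uid, names in seen.items():
        if len(names) > 1:
            findings.append(("/".join(names), f"uid {uid} shared by several NIS accounts"))
    return sorted(findings)


if __name__ == "__main__":
    for who, why in audit(NIS_PASSWD, LOCAL_PASSWD):
        print(f"{who}: {why}")
```

The check reports on a snapshot of the map as the client sees it; it does not authenticate the NIS traffic itself.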