[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.16. What is cross-realm authentication?
Next Document: 1.18. Are there any known weaknesses in Kerberos?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.16. What is cross-realm authentication?
Next Document: 1.18. Are there any known weaknesses in Kerberos?
1.17. Are there security risks involved in cross-realm authentication?
When you set up a cross-realm secret, you are in essence trusting the remote KDC to only issue cross-realm tickets for the correct users. If you do not trust the foreign KDC then all principals from the foreign realm are suspect. However, a realm which you share a cross-realm secret with cannot acquire a ticket for a user in your local realm; a foreign KDC can only cause tickets to be issued that identify users from the foreign realm (in other words, there's no way a KDC can cause a ticket to be generated for a principal in a realm other than it's own). All of the daemons that come with the MIT Kerberos 5 release do not trust principals in foreign realms by default; you have to explicitly enable them using ACLs. So as long as foreign-realm principals are not on any ACLs in your realm, there isn't a risk. If you do decide to place foreign-realm principals on ACLs, you will have to remember that the security of that principal depends on the security of the foreign realm.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.16. What is cross-realm authentication?
Next Document: 1.18. Are there any known weaknesses in Kerberos?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update October 14 2008 @ 00:11 AM