>>>>> "Jerome" == Jerome Walter <[EMAIL PROTECTED]> writes:
Jerome> Difficult is not enough ;) Yes, for now, I created 3
Jerome> different contexts, for kdc, kadmind and kerberos
Jerome> applications. The restriction is fairly strict and a
Jerome> compromised kdc should not mean possibility to get a root
Jerome> privilege, nor change any passwords in the realm.

But difficult is all you get. If I can execute arbitrary code in the
kdc context, I can read keys from the database and transmit them over
the network. I then break in with a kadmin request.

The KDC is fundamentally part of the TCB. You can make exploiting it
harder, but a bug in the KDC that leads to arbitrary code execution
does compromise the authentication infrastructure.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos