[OpenAFS] token theft under XP

Friedrich Delgado Friedrichs 6delgado@informatik.uni-hamburg.de
Thu, 12 Dec 2002 13:55:21 +0100



Charles Clancy wrote:
> Scenario:
> 1. domain user 'x' logs in, gets tokens
> 2. 'x' logs out
> 3. local machine administrator goes in and creates local user 'x'
> 4. log in as local user 'x'
> 5. local user has access to the token and drive mappings obtained by the
>    domain user

Token theft is just as easy on any Unix machine (at least with
Kerberos 5 + AFS):
1. domain user 'x' logs in, gets tokens
2. local root logs in, while 'x's session is still active
3. root steals x's ticket cache (mostly /tmp/krb5_<UID>_something) and
   uses it to gain a Kerberos 5 Ticket and thereby an AFS Token

With kaserver it is probably just as easy, I never used it.

This might be argued as a little less severe, since the Ticket Cache
will be invalidated once the user -- or PAM -- destroys the Kerberos

In my opinion both are non-issues (i.e. not severe at all). Kerberos 5
and thereby AFS is meant to supply a secure means of authentication
for *secure* hosts over an untrusted network.

Both scenarios require elevated privileges and therefore the
precondition of the secure host is violated.

Kind regards
	Friedrich Delgado Friedrichs <friedel@nomaden.org>
Laziness led to the invention of the most useful tools.
