[OpenAFS] OpenSSH 3.5p1 + ~/.shosts + token passing?

Derek Atkins derek@ihtfp.com
11 Nov 2002 09:23:29 -0500


steve rader <rader@ginseng.hep.wisc.edu> writes:

>  > From: Derek Atkins
>  > Tokens are usable by whomever has them.  If you pass your token before
>  > you authenticate the server, then you could be passing your token to a
>  > man-in-the-middle or any other third party.  Once you do that, they
>  > are effectively YOU until your tokens expire.
> 
> Ahh.  Has this problem ever actually been exploited?

Yes.  You exploit it every time you "pass" an AFS token!

>  > This is why the "OLD" protocol was considered insecure.  You want to
>  > remove security for convenience??
> 
> See the Subject line: I want to do rhosts with AFS
> passing token.  Is it possible with stock OpenSSH
> 3.5p1?  If so, how?

I can't answer about specifically OpenSSH 3.5p1, however theoretically
there is no particular reason that you could not -- the only issue is
that you need to authenticate before you pass the token.

> There is always a trade-off 'tween security and
> convenience, right?  Correct me if I'm wrong, but it
> looks like your patch is the way to go if your notion
> of security vs convenience (rightfully) falls on the
> security end of the spectrum.

In the long run, however, you're better off using KRB5 and
TGT-passing.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com