[OpenAFS] The Illusion of Security

Sam Hartman hartmans@MIT.EDU
Mon, 18 Aug 2003 08:34:34 -0400 (EDT) 

>>>>> "Rodney" == Rodney M Dyer <rmdyer@uncc.edu> writes:

    Rodney> Subtitled "My Gripe with Pipe" Hi everyone,

    Rodney> Originally the email centered around the simple question
    Rodney> of why the MIT Kerberos for Windows "kinit" client will
    Rodney> not allow passwords to be provided through stdin.  See...

    Rodney> 	http://www.coe.uncc.edu/~rmdyer/krblogon.htm Section:
    Rodney> Very Important Notes SubSection: "Bug in MIT's version of
    Rodney> KINIT.EXE prevents reading passwords from stdin"

It's probably a good idea to at least copy one of the MIT Kerberos
lists on bugs yu find in our code.  We don't tend to read the OpenAFS
lists and we don't suddenly become aware of issues that aren't brought
to our attention.

    Rodney> At this point if anyone has any other reasons I'd love to
    Rodney> hear them.  I suppose these are all perfectly valid
    Rodney> reasons for intentionally coding "kinit" so that it can't
    Rodney> allow stdin to be used.


    Rodney> But...


    Rodney> I'm what might be termed as a practical, or practitioning
    Rodney> systems programmer.  That means that for solving the given
    Rodney> problem of the day I may not always be capable of pursuing
    Rodney> idealistic solutions.

    Rodney> Case in point, for the problem of gluing together three
    Rodney> differing systems of AFS, Windows, and Kerberos 5 I had to
    Rodney> put together something that I had hoped would be easy to
    Rodney> understand, require little code, be easily scriptable, use
    Rodney> off-the-shelf components that people are already familiar
    Rodney> with, and above all else be secure.  I had put together
    Rodney> the method of using the AFSLogonShell, kinit, and aklog,
    Rodney> to solve a number of niggling little problems with storing
    Rodney> user accounts in AFS while authenticating my users to
    Rodney> Kerberos 5.  This all seemed to be very rational to me.

    Let's assume that MIT's kinit for KFW did accept passwords on
    stdin.  Would you have had to modify any of the AFS code or is
    there already a facility for starting a shell during the afs login
    process?