
Re: On shisa and its password disclosure.

From: Russ Allbery
Subject: Re: On shisa and its password disclosure.
Date: Sun, 28 Oct 2012 15:39:27 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Mats Erik Andersson <address@hidden> writes:

> The execution of "shisa -d --keys address@hidden" will print the
> password in clear text, which I find uncomforting. All the more
> so since it is not at all needed in maintaining the keytab file.
> I would have expected a dichotomy like used for shadow passwords,
> where only a string hash is stored, not the plain text string.

It's unusual to actually store the passwords, but Active Directory does so
as well because it allows you to do several other interesting things: add
new enctypes without forcing a password change, and handle authentication
methods other than Kerberos where the authentication server has to know
the password and not just a precomputed key.

There's no real difference in security within a single realm, although it
does mean that one can compromise other authentications for the same user
if they reuse a password.

> Executing "kadmin.local: getprinc address@hidden" will not reveal the clear
> text password, only basic information about the principal.  In my
> admittedly limited experience with MIT/Solaris, there has never appeared
> a means for the administrator to make readable any clear text
> passwords. Is there such a command?

MIT and Heimdal don't store the password, so indeed you can't retrieve
it.  (ktadd in both cases can extract the existing key, however, from
which you can authenticate as that user just as if you had the password.)

Active Directory stores the password, but you have to have a very high
level of access to the LDAP store in order to retrieve it.

Russ Allbery (address@hidden)
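The trade-off Russ describes (a KDC that keeps the password can mint keys for a newly enabled enctype, while one that keeps only derived keys cannot, yet within the realm a stolen key authenticates just as well as the password) can be modelled in a few dozen lines. The following is an added example and is not code from this thread, from Shishi, or from MIT/Heimdal; the `string_to_key` function is a simplified stand-in using PBKDF2-HMAC-SHA256 with a per-enctype label (the real RFC 3962 AES string-to-key uses PBKDF2-HMAC-SHA1 plus an AES-based derivation step, not reproduced here), and the class names, enctype table, principal and password are all constructed for illustration.

```python
"""Toy model of two KDC database designs: one that stores the cleartext
password (as the thread says Active Directory does) and one that stores
only per-enctype keys derived from it (as MIT and Heimdal do).

Added example; not code from the thread or from any KDC implementation.
"""
import hashlib
import hmac
import secrets

# Hypothetical enctype table: name -> (key length in bytes, PBKDF2 iterations).
ENCTYPES = {
    "aes128-cts": (16, 4096),
    "aes256-cts": (32, 4096),
}


def string_to_key(password: str, salt: str, enctype: str) -> bytes:
    """Simplified string-to-key stand-in (NOT the real Kerberos function).

    The enctype name is mixed into the salt so that different enctypes yield
    unrelated keys from the same password, as real string-to-key does.
    """
    keylen, iters = ENCTYPES[enctype]
    salt_bytes = (salt + "|" + enctype).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt_bytes, iters, keylen)


class PasswordStoringKdb:
    """Keeps the cleartext password; keys for any enctype are derived on demand.

    Upside: a new enctype needs no password change. Downside: anyone who can
    read the entry learns the password itself, which may be reused elsewhere.
    """

    def __init__(self):
        self.entries = {}

    def add_principal(self, principal: str, password: str) -> None:
        self.entries[principal] = password

    def key_for(self, principal: str, enctype: str):
        return string_to_key(self.entries[principal], principal, enctype)


class KeyStoringKdb:
    """Keeps only the keys for the enctypes enabled at enrolment time."""

    def __init__(self, enctypes):
        self.entries = {}
        self.enctypes = list(enctypes)

    def add_principal(self, principal: str, password: str) -> None:
        self.entries[principal] = {
            e: string_to_key(password, principal, e) for e in self.enctypes
        }

    def key_for(self, principal: str, enctype: str):
        # None when the enctype was not enrolled: with no password on file
        # there is nothing to derive the new key from (a password change,
        # i.e. a fresh string-to-key run, is the only way to add it).
        return self.entries[principal].get(enctype)


def authenticate(kdb, principal: str, enctype: str, client_key: bytes, nonce: bytes) -> bool:
    """Stand-in for a pre-authentication check: both sides MAC a nonce with
    the long-term key. Whoever holds the key passes, password or not, which
    is why an extracted key (ktadd) is as good as the password in-realm."""
    stored = kdb.key_for(principal, enctype)
    if stored is None:
        return False
    expected = hmac.new(stored, nonce, "sha256").digest()
    offered = hmac.new(client_key, nonce, "sha256").digest()
    return hmac.compare_digest(expected, offered)


def demonstrate() -> dict:
    principal = "user@EXAMPLE.ORG"              # constructed sample principal
    password = "correct horse battery staple"   # constructed sample password
    nonce = secrets.token_bytes(16)

    pw_kdb = PasswordStoringKdb()
    key_kdb = KeyStoringKdb(["aes128-cts"])     # enrolled before aes256 was enabled
    pw_kdb.add_principal(principal, password)
    key_kdb.add_principal(principal, password)

    # A key extracted from the key-only database (what ktadd would hand out).
    extracted = key_kdb.key_for(principal, "aes128-cts")
    # A key the client derives itself from the password.
    from_password = string_to_key(password, principal, "aes128-cts")

    return {
        "pw_store_has_new_enctype": pw_kdb.key_for(principal, "aes256-cts") is not None,
        "key_store_has_new_enctype": key_kdb.key_for(principal, "aes256-cts") is not None,
        "auth_with_password_derived_key": authenticate(key_kdb, principal, "aes128-cts", from_password, nonce),
        "auth_with_extracted_key": authenticate(key_kdb, principal, "aes128-cts", extracted, nonce),
        "auth_with_wrong_key": authenticate(pw_kdb, principal, "aes128-cts", b"\x00" * 16, nonce),
    }


if __name__ == "__main__":
    for name, result in demonstrate().items():
        print(f"{name}: {result}")
```

Running the module prints one line per check: the password-storing database can produce an aes256 key the key-only database cannot, while both accept an extracted key exactly as they accept a password-derived one.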
