[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On shisa and its password disclosure.

From: Simon Josefsson
Subject: Re: On shisa and its password disclosure.
Date: Wed, 03 Apr 2013 01:39:30 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.2 (gnu/linux)

Mats Erik Andersson <address@hidden> writes:

> Dear all,
> I am somewhat disturbed by that fact that the superuser
> is able to execute
>    # shisa -d --keys
> thereby gaining access to all passwords for all principals
> of the running KDC.
> Contrast this to the situation with MIT Kerberos or Heimdal,
> where a selected administrator is entrusted with the power to
> inspect such secrecies, which the superuser is unable to access,
> unless he was able to snoop the administrator's password.
> Am I lacking some insight, or is there a security issue here?

This was a design choice.  It may not have been the best one.

Storing the password allows some flexibility if crypto parameters needs
to be changed later on.  The KDC can then recompute the hashed keys.  It
also allows the same password database to be used by other protocols in
the future, that may need access to the raw password.

Remember, it should be _possible_ to use the Shishi KDC without storing
the password: just convert a password to a key and then store that in
the database.  So someone genuinely concerned about this should be able
to work around it.

There ought to be a parameter to shisa, possibly even enabled by
default, that forgets the password after generating a key that is stored
on disk.  This would make it easier to setup a KDC without storing
plaintext passwords.  Still, I believe it should be possible to use the
current approach too: some may want the flexibility gained by storing
the plaintext passwords.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]