Hi kerberos folks-- Could anyone point me to information about the security concerns involved with opening a krb5 realm to the Internet (or any other untrusted WAN)?
I've looked in several places, but could only find a couple of remarks on this list from last year: http://mailman.mit.edu/pipermail/kerberos/2005-March/007331.html http://mailman.mit.edu/pipermail/kerberos/2005-March/007332.html And those dealt with data reliability issues (TCP instead of UDP) instead of security issues. i found a 5-year-old thread here: http://www.sage.org/lists/sage-members-archive/2001/msg00349.html but it is negative about K4 and fairly vague about kerberos version 5 (and i'm not planning on using K4, even in translation). I think i understand the basic K5 protocol, but i don't have my head wrapped around the different possible attack vectors well enough to know if opening up a KDC to the internet is really asking for trouble (e.g. how much krb5 traffic needs to be sniffed for an attacker to compromise a ticket within the ticket's expiration window?). Has anyone on this list run KDCs that are globally accessible? Do you have any tricks you'd like to share? For example: did you use IP-based blocking on IPs with too many failed auth requests? if so, did you experience problems with NAT'ed users locking each other out? did you tunnel your krb5 traffic inside some other encrypted layer (e.g. ssl or ssh) to avoid sniffing? Is this even necessary? Is there some documentation i've missed? Am i crazy for even considering krb5 on a WAN? Any advice or pointers would be most appreciated. Regards, --dkg ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
