From kerberos-acl@MIT.EDU Wed Jan 10 16:23:01 2001
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id QAA22782
for <bugs@RT-11.MIT.EDU>; Wed, 10 Jan 2001 16:23:01 -0500 (EST)
Received: from GRAND-CENTRAL-STATION.MIT.EDU by MIT.EDU with SMTP
id AA01634; Wed, 10 Jan 01 16:24:49 EST
Received: from melbourne-city-street.MIT.EDU (MELBOURNE-CITY-STREET.MIT.EDU [18.69.0.45])
by grand-central-station.MIT.EDU (8.9.2/8.9.2) with ESMTP id QAA06567
for <krb5-bugs@MIT.EDU>; Wed, 10 Jan 2001 16:23:00 -0500 (EST)
Received: from multics.mit.edu (MULTICS.MIT.EDU [18.187.1.73])
by melbourne-city-street.MIT.EDU (8.9.3/8.9.2) with ESMTP id QAA24885
for <krb5-bugs@mit.edu>; Wed, 10 Jan 2001 16:22:59 -0500 (EST)
Received: (from jhawk@localhost) by multics.mit.edu (8.9.3)
id QAA06467; Wed, 10 Jan 2001 16:22:59 -0500 (EST)
Message-Id: <200101102122.QAA06467@multics.mit.edu>
Date: Wed, 10 Jan 2001 16:22:59 -0500 (EST)
From: jhawk@MIT.EDU
Reply-To: jhawk@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: krb ftp requires unacceptable levels of trust
X-Send-Pr-Version: 3.99

>Number: 915
>Category: krb5-appl
>Synopsis: krb ftp requires unacceptable levels of trust
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: tlyu
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 10 16:24:00 EST 2001
>Last-Modified: Thu Feb 1 21:39:47 EST 2001
>Originator: John Hawkinson
>Organization:
MIT
>Release: krb5-1.1.1
>Environment:

System: SunOS multics.mit.edu 5.7 Generic_106541-09 sun4m sparc SUNW,SPARCstation-5
Architecture: sun4

>Description:
I would like to ftp some files from machine A to machine B. I don't trust
machine B very much, so I would like to not send it my password, nor forward any
tickets to it.

I can't see any way to accomplish this with kerberized ftp. My choices
seem to be either to use "ftp hostname" where I am forced to enter my password
to login, or to use "ftp -f hostname" where I do not have to enter my password
(good!) but my tickets are forwarded.

I can achieve this with ssh via:

scp -o 'KerberosTgtPassing no' filename machineB:/path/to/file

It's disturbing that Kerberos seems to be requiring me to trust the far
end more than is necessary -- I do not think this is a good security policy.
It's unfortunate that using ssh over ftp seems to be required.

>How-To-Repeat:
"ftp machineB"; observe I am prompted for a password.
>Fix:
I don't know if this is a protocol-level issue or an application-level
issue.
>Audit-Trail:

Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: raeburn
Responsible-Changed-When: Thu Feb 1 21:39:33 2001
Responsible-Changed-Why:
Tom's been talking to jhawk about it. It's an Athena config issue.
>Unformatted: