AFS and tokenforwarding

Bjoern Groenvall bg at
Fri Oct 5 05:23:53 EST 2001

>>>>> "Simon" == Simon Wilkinson <sxw at> writes:

>> If the token is forwarded before authentication then you don't know
>> if the server is really who you think it is, so you might be
>> forwarding your token to an impostor. Ooops.

Simon> But, assuming this is a Kerberos token you are discussing, is
Simon> the token not protected by being encrypted with the session
Simon> key, which in turn is encrypted with the server's host key?

The token is passed in a "usable form", i.e both ticket and the
corresponding session key is passed.

Simon> So, an imposter could get something to brute force, but they
Simon> could get that via a passive attack anyway.

No brute force is required.

Simon> I would agree however, that forwarding a TGT _before_ the users
Simon> credentials have been accepted seems theoretically wrong,
Simon> however practically safe it may be.

The user should not forward a TGT before the server has been
authenticated. With ssh v1 this is however not possible, regardless if
this is done before or after user authentication the server is still
not properly authenticated.


  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg at, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 

More information about the openssh-unix-dev mailing list