From owner-freebsd-stable Thu Apr 2 22:57:58 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA02474 for freebsd-stable-outgoing; Thu, 2 Apr 1998 22:57:58 -0800 (PST) (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA02458 for ; Thu, 2 Apr 1998 22:57:51 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id BAA14842; Fri, 3 Apr 1998 01:56:52 -0500 (EST)
Date: Fri, 3 Apr 1998 01:56:52 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Mark Murray
cc: Charles Quarri , stable@FreeBSD.ORG
Subject: Re: Hesiod support on 2.2
In-Reply-To: <199804030543.HAA24161@greenpeace.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

On Fri, 3 Apr 1998, Mark Murray wrote:

> To make Hesiod secure, you should not use it to distribute passwords
> (encrypted or not). That is what Kerberos is for. One of the things I
> have picked up in 48 hours of research.

Well, I actually did not intend to, nor was it my understanding that that was MIT's intent on writing it. They intended it as a directory service for typical UNIX config files (such as /etc/hosts) and user information (such as /etc/passwd, /etc/group). Toehold would dynamically create accounts on the machine, assigning them uids as appropriate, and use Kerberos to authenticate the user.

However, the ability to specify passwd entries + group entries + hosts entries, etc, could be used to attack a machine in an insecure DNS arrangement. As I understand it, MIT then implemented kerberized DNS queries -- securing communication between the resolver and the server using rcmd entries and krb_mkpriv. This is not equivalent to DNSsec, which digitally signs the DNS data, rather than the transport.

Robert N Watson

----
Carnegie Mellon University            http://www.cmu.edu/
Trusted Information Systems           http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/