Security with Samba 3.0 and Kerberos

Antti Tikkanen antti.tikkanen at hut.fi
Fri Apr 4 20:12:06 GMT 2003


Hi all,

I have not seen any discussion about how secure Kerberos authentication
is when used with a Samba 3.0 server. After some tests mainly on replay
attacks I do have a few concerns.

The 3.0 alpha versions of Samba do not seem to cache used authenticators?
This combined with the fact that if a W2k Server is acting as KDC, the
Kerberos tickets will *not* include IP addresses makes a replay attack really,
really easy. The time skew limit is absolutely not enough. All I need to do
is listen in to the session setup andX and use a slightly modified client
to replay the KRB_AP_REQ and log in with someone else's credentials.

Effectively this makes Kerberos authentication as secure as plaintext
passwords over the network, or would you agree?

In contrast, a Windows 2000 Server will cache used authenticators. This
makes things a little bit harder. Still, if a malicious user has access to
the local network, capturing the KRB_AP_REQ and replaying it to the server
before it has a chance to cache it is not a hard task.

Any comments would be appreciated.

Antti

-- 

Antti.Tikkanen at hut.fi
Helsinki University of Technology
Computing Centre
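
The mechanism this thread is about, a server-side replay cache for received authenticators, as an added illustration that is not Samba or Windows code and not part of the original post. It models what a KDC client library's replay cache does: reject any KRB_AP_REQ whose authenticator (client principal, ctime, cusec and content hash) has already been seen within the clock-skew window, and rely on the skew check alone only for authenticators older than that window. The `Authenticator` type, the constructed sample values and the 300-second skew default are assumptions made for the example.

```python
"""Model of a Kerberos authenticator replay cache (educational, assumed design)."""
from dataclasses import dataclass
import hashlib

# Assumed default: many Kerberos implementations allow 5 minutes of clock skew.
CLOCK_SKEW_SECONDS = 300


@dataclass(frozen=True)
class Authenticator:
    """Fields of a received authenticator that matter for replay detection."""
    client_principal: str
    ctime: int        # client timestamp (seconds since epoch) from the authenticator
    cusec: int        # microsecond field from the authenticator
    raw: bytes        # the encoded authenticator bytes as received (constructed below)


def accept_without_cache(auth: Authenticator, now: int, skew: int = CLOCK_SKEW_SECONDS):
    """Skew check only: this is the weak behaviour the post describes.

    Anything captured and resent inside the skew window is accepted again.
    """
    if abs(now - auth.ctime) > skew:
        return False, "KRB_AP_ERR_SKEW"
    return True, "accepted"


class ReplayCache:
    """Remembers authenticators seen inside the skew window and rejects repeats."""

    def __init__(self, skew: int = CLOCK_SKEW_SECONDS):
        self.skew = skew
        self._seen = {}   # cache key -> ctime of the accepted authenticator

    @staticmethod
    def _key(auth: Authenticator):
        # Include a digest of the encoded authenticator so two genuinely
        # different authenticators with the same timestamp are not confused.
        digest = hashlib.sha256(auth.raw).hexdigest()
        return (auth.client_principal, auth.ctime, auth.cusec, digest)

    def _expire(self, now: int) -> None:
        # Entries older than the skew window can be dropped: the skew check
        # alone rejects a replay of them, so the cache stays bounded.
        self._seen = {k: t for k, t in self._seen.items() if now - t <= self.skew}

    def accept(self, auth: Authenticator, now: int):
        """Return (accepted, reason) for a received KRB_AP_REQ authenticator."""
        if abs(now - auth.ctime) > self.skew:
            return False, "KRB_AP_ERR_SKEW"
        self._expire(now)
        key = self._key(auth)
        if key in self._seen:
            return False, "KRB_AP_ERR_REPEAT"
        self._seen[key] = auth.ctime
        return True, "accepted"


def demo():
    """Constructed scenario: one legitimate login, then the same bytes resent."""
    # Constructed sample authenticator; the raw bytes stand in for DER encoding.
    original = Authenticator("user@EXAMPLE.TEST", ctime=1_000, cusec=42,
                             raw=b"constructed-authenticator-bytes")
    replay = original            # an attacker resends exactly what was captured
    later = Authenticator("user@EXAMPLE.TEST", ctime=1_000, cusec=43,
                          raw=b"constructed-second-authenticator")

    weak_first = accept_without_cache(original, now=1_000)
    weak_replay = accept_without_cache(replay, now=1_100)     # inside skew window

    cache = ReplayCache()
    cached_first = cache.accept(original, now=1_000)
    cached_replay = cache.accept(replay, now=1_100)           # same window: repeat
    cached_distinct = cache.accept(later, now=1_100)          # new authenticator: fine
    cached_old_replay = cache.accept(replay, now=1_400)       # outside window: skew

    return {
        "weak_first": weak_first,
        "weak_replay": weak_replay,
        "cached_first": cached_first,
        "cached_replay": cached_replay,
        "cached_distinct": cached_distinct,
        "cached_old_replay": cached_old_replay,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The skew-only path shows why the post's concern holds: a captured authenticator resent any time within the window is indistinguishable from the first presentation. The cache closes that window; the residual race the post mentions (replaying before the server records the entry) is why a real cache must be written synchronously before the session is granted.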
