Security with Samba 3.0 and Kerberos
antti.tikkanen at hut.fi
Fri Apr 4 20:12:06 GMT 2003
I have not seen any discussion about how secure Kerberos authentication
is when used with a Samba 3.0 server. After some tests mainly on replay
attacks I do have a few concerns.
The 3.0 alpha versions of Samba do not seem to cache used authenticators?
This combined with the fact that if a W2k Server is acting as KDC, the
Kerberos tickets will *not* include IP addresses makes a replay attack really,
really easy. The time skew limit is absolutely not enough. All I need to do
is listen in to the session setup andX and use a slightly modified client
to replay the KRB_AP_REQ and log in with someone else's credentials.
Effectively this makes Kerberos authentication as secure as plaintext
passwords over the network, or would you agree?
In contrast, a Windows 2000 Server will cache used authenticators. This
makes things a little bit harder. Still, if a malicious user has access to
the local network, capturing the KRB_AP_REQ and replaying it to the server
before it has a chance to cache it is not a hard task.
Any comments would be appreciated.
Antti.Tikkanen at hut.fi
Helsinki University of Technology
More information about the samba-technical