Security with Samba 3.0 and Kerberos
lha at stacken.kth.se
Sat Apr 5 23:07:24 GMT 2003
Antti Tikkanen <antti.tikkanen at hut.fi> writes:
> Hi all,
> I have not seen any discussion about how secure Kerberos authentication
> is when used with a Samba 3.0 server. After some tests mainly on replay
> attacks I do have a few concerns.
> The 3.0 alpha versions of Samba do not seem to cache used authenticators?
> This combined with the fact that if a W2k Server is acting as KDC, the
> Kerberos tickets will *not* include IP addresses makes a replay attack really,
> really easy. The time skew limit is absolutely not enough. All I need to do
> is listen in to the session setup andX and use a slightly modified client
> to replay the KRB_AP_REQ and log in with someone else's credentials.
> Effectively this makes Kerberos authentication as secure as plaintext
> passwords over the network, or would you agree?
Assuming you know the key that inside the authenticator, protocols that
doesn't provide integrity checking are broken by design, adding kerberos
replay cache wont really help.
Reply caching protects you (when you have a integrity checked protocol)
agaist replying operations. You can make the server do the same thing as i
did last time.
More information about the samba-technical