Securing authentication exchanges

From: John Miller <John.Miller_at_jcu.edu.au>
Date: Wed, 26 Nov 1997 10:52:21 +1000 (EST)

I have been asked to raise the issues outlined below on this list. I will
be happy to summarize any comments for reposting to the group. Please
understand that I am not asking anyone to divulge what might be considered
sensitive information about your particular site's security strategy. We
are after advice on what might be cost effective solutions in general terms
to what we perceive to be a universal problem for system administrators.

We have a bit of an issue as regards security. The auditors are not
happy with our authentication scheme. They are concerned that
authentication details, usernames and passwords, are transmitted across
the network unencrypted and are thus vulnerable to sniffer attacks. We
are being pushed to implement Kerberos.

Our current authentication scheme for all central UNIX systems is to
use a common NIS shared password file. We restrict access to the
various machines for different types of users, with netgroups and
customized shells which deny access.

We have customized the passwd program to guard against users who choose
poor passwords.

We are developing a Web interface for password modification that uses
SSL. Our intention was to move to this for all password modification
whether it be for Unix or NT.

We have retrieved Kerberos 5 from MIT, have compiled it and done some
limited testing. We are now not convinced that Kerberos will prove to
be a practical solution to the perceived problems with our
authentication scheme.

It is our understanding that in order to implement Kerberos
effectively, all users will require kerberized client software to log
into the systems (i.e. telnet, ftp, Xterm, http, etc.). These do not
appear to be available cheaply enough for us to apply a Kerberos
authentication scheme universally across our systems, on the range of
client platforms we need to support, not to mention the significant
user education that would then be required to have them installed and
functional. Are you able to comment on these perceptions? Have we
misinterpreted something?

Kerberos also appears to be subject to licensing and distribution
restrictions outside the USA. Can you shed any light on this?

Does your general knowledge of the way other sites handle the problem
of securing authentication exchanges on the network allow you to
comment on whether our current authentication scheme is less secure
than most sites (particularly educational)? If so what, in general
terms, have been the most cost effective methods employed by those
sites that have solved this problem?

--
John Miller, Computer Centre
James Cook University of North Queensland, Townsville, 4811, AUSTRALIA
Internet Mail: John.Miller_at_jcu.edu.au
Phone: +61 77 815447   Fax: +61 77 815230
Received on Wed Nov 26 1997 - 02:10:56 NZDT
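As an added illustration (not part of the original message, and not MIT's Kerberos code), the two points the post turns on, side by side in Python: a telnet/ftp login hands a passive sniffer the whole password, whereas a Kerberos-style authentication service exchange puts only the principal name and password-encrypted material on the wire, and the client proves it knows the password by decrypting locally. The capture bytes, the realm name JCU.EDU.AU, the principal jmiller, the PBKDF2 string-to-key stand-in and the toy encrypt-then-MAC cipher are all constructed for this example and are not a real Kerberos encryption type.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of a telnet-style login as it crosses the wire: every byte is plain text.
PLAINTEXT_CAPTURE = (
    b"login: jmiller\r\n"
    b"Password: s3cret!\r\n"
    b"Last login: Tue Nov 25 09:12:01 from pc23\r\n"
)


def sniff_credentials(capture: bytes):
    """What a passive sniffer recovers from a telnet/ftp/rlogin session: the whole secret."""
    user = re.search(rb"login: (\S+)", capture)
    pw = re.search(rb"Password: (\S+)", capture)
    return (user.group(1).decode() if user else None,
            pw.group(1).decode() if pw else None)


def derive_key(password: str, realm: str, principal: str) -> bytes:
    """Long-term key from password + salt (Kerberos salts with realm+name). PBKDF2 is a stand-in here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 10_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC (HMAC-SHA256 keystream + HMAC tag). Illustration only, not a Kerberos enctype."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises ValueError if the key is wrong or the blob was tampered with."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class ToyKDC:
    """The Authentication Service half of a KDC: it holds password-derived keys and never sees a password."""

    def __init__(self, realm: str):
        self.realm = realm
        self.keys = {}
        self.tgs_key = os.urandom(32)  # shared between AS and TGS, never sent to clients

    def enrol(self, principal: str, password: str) -> None:
        self.keys[principal] = derive_key(password, self.realm, principal)

    def as_exchange(self, principal: str):
        """AS_REQ carries only the principal name; AS_REP is a TGT plus a session key sealed under the user's key."""
        session_key = os.urandom(32)
        tgt = seal(self.tgs_key, session_key + b"|" + principal.encode())
        enc_part = seal(self.keys[principal], session_key)
        return tgt, enc_part


def client_login(kdc: ToyKDC, principal: str, password: str):
    """The client proves knowledge of the password by decrypting AS_REP locally; the password never leaves the host."""
    tgt, enc_part = kdc.as_exchange(principal)
    key = derive_key(password, kdc.realm, principal)
    session_key = unseal(key, enc_part)  # wrong password -> ValueError
    return session_key, tgt


def login_fails(kdc: ToyKDC, principal: str, password: str) -> bool:
    try:
        client_login(kdc, principal, password)
    except ValueError:
        return True
    return False


def password_on_wire(kdc: ToyKDC, principal: str, password: str) -> bool:
    """Everything a sniffer sees in the AS exchange: the name in the request and two sealed blobs in the reply."""
    tgt, enc_part = kdc.as_exchange(principal)
    return password.encode() in principal.encode() + tgt + enc_part
```

Run `sniff_credentials(PLAINTEXT_CAPTURE)` to see the auditors' point (it returns the user name and password verbatim), then enrol a principal in a `ToyKDC` and call `client_login`: the wire carries no password bytes, and a wrong password fails at the client's own `unseal`. One caveat the example also makes visible: the sealed `enc_part` a sniffer does capture is encrypted under a key derived from the password alone, so an attacker can test password guesses against it offline. That is why MIT Kerberos 5 supports pre-authentication before the KDC issues the reply, and why screening weak passwords at `passwd` time, as the post already does, still matters under Kerberos.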
