On 12/23/2015 03:50 PM, Jerry Shipman wrote: > Is there a way to do what I’m trying to do? > Or, is there a reason that it is dangerous to avoid verifying that IP match, > and I shouldn’t try to work around it?
The only really useful purpose of checking addresses is preventing reflection attacks, where an attacker takes a KRB-PRIV or KRB-SAFE message from one of the parties and send it back to them as if it came from the other party. Many protocols aren't susceptible to reflection attacks because they don't use similar formats for requests and responses. After verifying that the kprop protocol isn't vulnerable, we could probably make changes similar to the ones we made to kpasswd to allow it to work over NATs. (Protocols using GSS don't have this problem because GSS tokens only use direction bits, not addresses. Well, unless they use IP address channel bindings, which isn't common.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
