On Tue, May 26, 2020 at 4:59 PM Jeffrey Altman <jalt...@secure-endpoints.com> wrote:
>
> On 5/26/2020 6:31 PM, Ken Dreyer wrote:
> > On Tue, May 26, 2020 at 3:58 PM Jeffrey Altman
> > <jalt...@secure-endpoints.com> wrote:
> >>
> >> 2. Before the existence of DNS SRV records, CNAME records were the
> >> only method of offering a service on multiple hosts. However,
> >> it's a poor idea to share the same key across all of the hosts.
> >
> > I'm curious about this. What makes it a poor idea?
> >
> > It seems like a very convenient way to scale a service up and down
> > dynamically quickly when you share a key among all instances.
>
> Because if you hack into one of the hosts you now have the key for all
> of the hosts. The holder of the key can forge tickets for any user.

This is true only if the administrator has enabled constrained delegation for that key (e.g. ok_to_auth_as_delegate), right? Is there some other scenario I'm missing?

> Since the key isn't unique the entire distributed service has to be
> shutdown to address the vulnerability.

Ok, that makes sense. I was thinking of a homogeneous environment where each app server runs the exact same versions of code, so an attacker entry through a vulnerability on one system means that all systems almost certainly have the same vulnerability.

> It is also much harder to trace where the key was stolen from.

Yeah, that's fair.

- Ken

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
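The blast-radius point in the exchange above (one stolen key means every host holding it must be re-keyed, and the service as a whole has to go down to rotate it) can be checked mechanically from each host's keytab listing. The following is an added example, not code from the thread or from MIT Kerberos: a small Python audit that parses constructed `klist -kte` output from several hosts, reports service principals whose key (same principal, kvno and enctype) is present on more than one host, and lists which other hosts would need re-keying if a given host were compromised. Host names, principals and the keytab listings are constructed sample data.

```python
"""Audit per-host keytab listings for shared service keys.

Added example (not from the mailing-list thread). Input is the text of
`klist -kte` as captured on each host; the sample below is constructed.
A key is identified by (principal, kvno, enctype): if two hosts list the
same triple, they hold the same key, which is the CNAME-style sharing the
thread warns about.
"""
import re
from collections import defaultdict

# One entry line of MIT `klist -kte` output: KVNO, timestamp, principal, (enctype).
ENTRY_RE = re.compile(
    r"^\s*(?P<kvno>\d+)\s+(?P<ts>\S+\s+\S+)\s+(?P<princ>\S+@\S+)\s+\((?P<etype>[^)]+)\)\s*$"
)

# Constructed sample listings: three web front ends behind one CNAME sharing
# the HTTP/ key, plus one database host with only its own host/ key.
SAMPLE_KEYTABS = {
    "app1.example.com": """Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 05/26/20 18:00:00 host/app1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 05/26/20 18:00:00 HTTP/www.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
""",
    "app2.example.com": """Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   5 05/26/20 18:00:00 host/app2.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 05/26/20 18:00:00 HTTP/www.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
""",
    "app3.example.com": """Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   1 05/26/20 18:00:00 host/app3.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 05/26/20 18:00:00 HTTP/www.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
""",
    "db1.example.com": """Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   4 05/26/20 18:00:00 host/db1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
""",
}


def parse_klist(text):
    """Return the set of (principal, kvno, enctype) triples in one listing."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group("princ"), int(m.group("kvno")), m.group("etype")))
    return entries


def shared_principals(keytabs):
    """keytabs: {hostname: klist text}.

    Returns {principal: sorted hosts} for every principal whose key
    (same kvno and enctype) appears in more than one host's keytab.
    """
    hosts_by_key = defaultdict(set)
    for host, text in keytabs.items():
        for key in parse_klist(text):
            hosts_by_key[key].add(host)
    shared = defaultdict(set)
    for (princ, _kvno, _etype), hosts in hosts_by_key.items():
        if len(hosts) > 1:
            shared[princ] |= hosts
    return {princ: sorted(hosts) for princ, hosts in shared.items()}


def rekey_scope(keytabs, compromised_host):
    """Other hosts that must also be re-keyed if compromised_host loses its
    keytab, because they hold a key the compromised host also held."""
    affected = set()
    for hosts in shared_principals(keytabs).values():
        if compromised_host in hosts:
            affected.update(h for h in hosts if h != compromised_host)
    return sorted(affected)


if __name__ == "__main__":
    for princ, hosts in shared_principals(SAMPLE_KEYTABS).items():
        print(f"shared key: {princ} on {', '.join(hosts)}")
    for host in SAMPLE_KEYTABS:
        print(f"if {host} is compromised, also re-key: {rekey_scope(SAMPLE_KEYTABS, host) or 'nothing'}")
```

Run against real listings, feed it `klist -kte` output collected from each host; any principal reported by `shared_principals` is one where rotating the key means a coordinated outage, and `rekey_scope` gives the incident responder the list of hosts to include. Per-host keys (the `host/` entries above) never show up, which is the property the thread recommends.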