Suppose I want to send a command to a print server on a network that has been secured with Kerberos. To do so, I authenticate myself to the KDC and get a TGT, and then another ticket from the TGS for the print server. I then authenticate myself to the print server and I can then send it a print command, signed with the session key. But suppose someone is listening on the network and sniffs the command I sent it. What prevents him from replaying it to the print server and thus being able to print the same file I just printed during the same session (so same session key)? A solution would be to get a new ticket (and thus new session key) from the TGS for every command you send to the print server, but I don’t think this is required in the Kerberos protocol?
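The replay described in the question, and one way a receiver can reject it while the session key stays the same, as an added example that is not part of the original post: each command carries a sequence number that the MAC covers. HMAC-SHA256, the message layout, and the names `sign`, `PrintServer` and `demo` are assumptions for illustration, not the Kerberos wire format.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def sign(session_key: bytes, seq: int, command: bytes) -> bytes:
    """Client side: MAC covers the sequence number and the command."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(session_key, body, hashlib.sha256).digest()


class PrintServer:
    """Hypothetical receiver; check_seq=False models the case in the question."""

    def __init__(self, session_key: bytes, check_seq: bool = True):
        self.key, self.check_seq = session_key, check_seq
        self.next_seq = 0
        self.printed = []

    def receive(self, msg: bytes) -> str:
        if len(msg) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad MAC"
        (seq,) = struct.unpack(">Q", body[:8])
        if self.check_seq and seq != self.next_seq:
            return "rejected: replay or out of order"
        self.next_seq = seq + 1
        self.printed.append(body[8:])
        return "accepted"


def demo():
    key = os.urandom(32)  # constructed stand-in for the ticket's session key
    sniffed = sign(key, 0, b"PRINT report.pdf")  # what the eavesdropper captures
    naive, strict = PrintServer(key, check_seq=False), PrintServer(key)
    naive_results = [naive.receive(sniffed), naive.receive(sniffed)]
    strict_results = [strict.receive(sniffed), strict.receive(sniffed),
                      strict.receive(sign(key, 1, b"PRINT next.pdf"))]
    return naive_results, strict_results


if __name__ == "__main__":
    print(demo())
```

Kerberos's own KRB_SAFE and KRB_PRIV messages (RFC 4120) carry timestamp and sequence-number fields for the same purpose.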