The client says to the trusted server, remember this small piece of data (probably a session key) for a short period of time (probably hours to days). The client then forgets it and queries the server if it ever needs it again during that period.
Assume a secure communication channel between client and server.
Also supported is the client request: forget that stored data now.
The goal is to abstract out a desirable (but sometimes annoying) feature of Kerberos (kinit and kdestroy): tickets have limited lifetimes. Thus, even if a ticket is compromised, e.g., the client machine compromised, the attacker only has a limited time frame to cause harm.
Extend to emulate "renewable" tickets, a request to reset the ticket timer to zero (but not the renewable length timer). The client must periodically send keep-alive ("renew") requests.
Would it be better if the key were randomly generated on the server, and the client merely sent requests for decryptions? Then the key would never leave the trusted server.
Emulate "forwardable" tickets with a ssh server (etc.) that kicks you off at after the lifetime specified at login.
No comments :
Post a Comment