It is currently possible to set up a network environment in which all of the major network services, except for electronic mail, are authenticated using the Kerberos or Secure RPC mechanisms. These network services include: remote login, remote execution, file transfer, and transparent file access (i.e., access of remote files on the network as though they were local).
Authentication is important for electronic mail: when mail is sent, no one should be able to send it under a name other than that of the actual author of the message. However, this scenario does not address the problems of electronic mail. For a discussion of electronic mail, see chapter 11 and sections 9.2.4 and 10.2.4.
This scenario assumes that the network environment consists of two kinds of systems: client workstations and server systems. Client workstations access network services from the servers. Servers are administered by responsible individuals whose job is to provide network services to the client workstations. The user of the client workstation is authenticated by means of Kerberos or Secure RPC for every service accessed on a server. No use of a server is permitted without that use being authenticated by Kerberos or Secure RPC.
As noted in section 10.4.7, with both Kerberos and Secure RPC there is the possibility of a workstation owner and/or administrator using su to impersonate another user who may be logged into the client workstation. Client workstations may be used either by a single individual or by several individuals. When a workstation is used by a single individual, that individual is typically the owner/administrator of the workstation and, in this scenario, no other user is permitted access. When a client workstation is used by several individuals, the workstation is administered by a responsible administrator and, in this scenario, is configured so that no user may perform an su. This reduces the possibility of the workstation owner and/or administrator using su to impersonate another user who may be logged into the owner's workstation.
This scenario greatly reduces the threat of impersonation over a network compared to traditional practices such as password-only authentication and trusted hosts. With Kerberos and Secure RPC, passwords are not transmitted over the network in plain text. Discovering passwords by intercepting packets is not easily accomplished but remains a potential threat. As described in the previous section, the potential threat of discovering passwords by intercepting packets is greater with Kerberos than with Secure RPC. However, both Kerberos and Secure RPC use techniques that make impersonation by means of packet replay or packet modification very difficult, if not virtually impossible.