Question about keytabs and ktutil
Greg Hudson
ghudson at MIT.EDU
Sat Dec 25 01:48:18 EST 2010
On Thu, 2010-12-23 at 13:53 -0500, Brian Candler wrote:
> Could someone please explain to me why there needs to be a separate entry in
> the keytab for each encryption type which might be encountered? Is the key
> somehow partially-processed before it is stored?
Different enctypes have different keys. If the key is based on a
password, then there is an enctype-specific method ("string-to-key") for
turning the password into a key. String-to-key functions are difficult
to reverse, so if a keytab is compromised, the password itself might not
become known (relevant if it was also used for a different purpose).
> In some circumstances I'd like to add a principal in the KDC with a
> manually-chosen passphrase, and enter the same passphrase into a keytab at
> the host side, rather than use kadmin on that host or use kadmin on another
> host and then copy the keytab across.
>
> But ktutil makes it clear that separate entries are needed for each
> encryption type:
Yeah, that's not the friendliest UI for this operation. I'll make a
note.
In a more perfect world, you would only need one enctype for a service
principal. Unfortunately, because our KDC assumes that the enctypes
present for a service also indicate the session key enctypes handled by
the service, there must be overlap between the client's
permitted_enctypes and the server principal's enctypes.
> So does this mean a KDC will still generate keys for weak algorithms, but
> won't actually use them unless allow_weak_crypto=true ?
Yes. allow_weak_crypto does not filter supported_enctypes (which is
used when a principal is keyed without specifying a key-salt list), but
does filter the enctypes the KDC will actually permit in requests.
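An added example (not Greg's or MIT's code) that makes the per-enctype point concrete: the RFC 8009 string-to-key functions for the two aes-sha2 enctypes, derived from one password and the default Kerberos salt, give a different key, and so a different keytab entry, for each enctype. The enctype table, `default_salt`, and `keytab_entries` are my own helpers; only hashlib and hmac are used.

```python
"""Added example: RFC 8009 string-to-key for aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192, showing one password -> one key per enctype."""
import hashlib
import hmac
import struct

# Per-enctype parameters (assumed table): PBKDF2 PRF, KDF hash, key length in bytes.
ENCTYPES = {
    "aes128-cts-hmac-sha256-128": ("sha256", "sha256", 16),
    "aes256-cts-hmac-sha384-192": ("sha384", "sha384", 32),
}


def kdf_hmac_sha2(key: bytes, label: bytes, k_bytes: int, hash_name: str) -> bytes:
    """KDF-HMAC-SHA2 (RFC 8009 section 3): HMAC(key, 0x00000001 | label | 0x00 | k)
    with k the output length in bits, truncated to k bits (one block suffices here)."""
    msg = struct.pack(">I", 1) + label + b"\x00" + struct.pack(">I", k_bytes * 8)
    return hmac.new(key, msg, hash_name).digest()[:k_bytes]


def string_to_key(enctype: str, password: str, salt: str, iterations: int = 32768) -> bytes:
    """RFC 8009 section 4: PBKDF2 over saltp = enctype-name | 0x00 | salt, then the KDF
    with label 'kerberos'. The iteration count is the protocol default (s2kparams)."""
    prf, kdf_hash, klen = ENCTYPES[enctype]
    saltp = enctype.encode() + b"\x00" + salt.encode()
    tkey = hashlib.pbkdf2_hmac(prf, password.encode(), saltp, iterations, klen)
    return kdf_hmac_sha2(tkey, b"kerberos", klen, kdf_hash)


def default_salt(principal: str) -> str:
    """Default Kerberos salt: the realm followed by the name components, no separators."""
    name, realm = principal.rsplit("@", 1)
    return realm + "".join(name.split("/"))


def keytab_entries(principal: str, password: str, kvno: int = 1):
    """One (enctype, kvno, key) tuple per enctype: the set of entries a keytab needs
    for this principal if it is keyed from a password rather than random keys."""
    salt = default_salt(principal)
    return [(et, kvno, string_to_key(et, password, salt)) for et in ENCTYPES]


if __name__ == "__main__":
    # Constructed sample principal and password; the output mirrors a ktutil listing.
    for et, kvno, key in keytab_entries("host/www.example.com@EXAMPLE.COM", "hunter2"):
        print(f"kvno {kvno}  {et:<28} {key.hex()}")
```

The salt prefix is what ties a key to its enctype: the same password and realm/principal salt never collide across enctypes, which is why ktutil asks for an entry per enctype.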