when would you not want +requires_preauth?

Nico Williams nico at cryptonector.com
Tue Jul 19 15:09:47 EDT 2011


On Tue, Jul 19, 2011 at 2:01 PM, Ken Dreyer <ktdreyer at ktdreyer.com> wrote:
> On Tue, Jul 19, 2011 at 12:39 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> The best practice is to set +requires-preauth (and probably
>> -allow_tgs_req) on principals with password-derived keys and leave it
>> unset on principals with random keys.
>
> I thought the "best practice" would be to set requires-preauth on
> every principal? I don't want to give someone the ability to offline
> attack any of my principals...

Assuming a strong enough RNG you can't mount an off-line dictionary
attack against pre-auth-less AS-REPs for client principals with
randomized keys.  (The same goes for tickets, which is why you don't
want to allow tickets to be issued for service principals whose keys
are really derived from weak passwords.)

Nico
--



More information about the Kerberos mailing list