Kerberos n00b question.

Russ Allbery eagle at eyrie.org
Mon Jan 7 12:53:35 EST 2019


Grant Taylor <gtaylor at tnetconsulting.net> writes:

> It's my (mis?)understanding that communications between Kerberos clients
> and the KDC are in the clear (but do not include the password), and that
> there is functionally no communications between a remote server and the
> KDC.

I don't think describing it as "in the clear" is quite right, but a
default Kerberos configuration using enc-timestamp and no tunneling as the
preauth mechanism is somewhat vulnerable to packet capture followed by an
off-line dictionary attack to recover the authentication key.  The
standard solution for this is FAST, which protects the initial
authentication against this attack.  (You do need some other credential to
set up the FAST tunnel, but you can use anonymous Diffie-Hellman via
anonymous PKINIT, or you can use a randomized key.)

The attack still requires subsequent work; you can't just snoop the
connection between the client and the KDC and immediately get credentials.
The work factor is basically linked to the complexity of the client key,
so it's not much of a worry for a randomized key but is a worry for user
passwords.

> As such, I'm wondering if it would be relatively safe enough to use
> Kerberos to authenticate to a VPS in the cloud when both the client and
> KDC are on the LAN.  I think Kerberized SSH would be the only Kerberos
> related traffic across the Big Bad Internet to the VPS.  Is this
> correct?

Yes.

> Can anyone point me to some general reading that any/all Kerberos n00bs
> should read?  (I've been following How-Tos and gotten a lot to work.)

I don't have a good answer for this, unfortunately.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>
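The FAST setup Russ describes, using anonymous PKINIT as the armor credential, as an added example that is not part of the thread and not code from the list or from MIT Kerberos: the client first obtains an anonymous ticket (no user secret is sent), then runs the real kinit inside a FAST tunnel armored by that ticket, so the enc-timestamp preauth is no longer exposed to passive capture. The realm EXAMPLE.ORG, the user name, the cache path and the pkinit_anchors file path are assumptions; the kinit flags (-n, -c, -T) are standard MIT kinit options, and the KDC side must have the WELLKNOWN/ANONYMOUS principal and PKINIT enabled.

```shell
#!/bin/sh
# Added example (not from the thread): anonymous PKINIT as FAST armor.
# Assumed values: realm EXAMPLE.ORG, armor cache under /tmp, a client
# krb5.conf that names the CA bundle used to verify the KDC's certificate.

REALM="${REALM:-EXAMPLE.ORG}"
ARMOR_CC="${ARMOR_CC:-FILE:/tmp/armor_$(id -u).cc}"
KRB5_CONF="${KRB5_CONFIG:-/etc/krb5.conf}"

# Return 0 when the krb5.conf given as $1 carries a pkinit_anchors line.
# Anonymous PKINIT cannot verify the KDC without it, so the FAST armor
# would fail at step 1 and kinit would fall back to plain enc-timestamp.
has_pkinit_anchors() {
    grep -Eq '^[[:space:]]*pkinit_anchors[[:space:]]*=' "$1"
}

# Step 1: fully anonymous PKINIT ("@REALM" = empty principal name).
# The ticket is only good as armor; it proves nothing about the user.
get_armor_ticket() {
    kinit -n -c "$ARMOR_CC" "@$REALM"
}

# Step 2: the real login, armored by the anonymous ticket (-T).
# The password-derived enc-timestamp now travels inside the FAST tunnel.
fast_kinit() {
    kinit -T "$ARMOR_CC" "$1@$REALM"
}

# fast_login USER: preflight the config, then run both steps in order.
fast_login() {
    if ! has_pkinit_anchors "$KRB5_CONF"; then
        echo "no pkinit_anchors in $KRB5_CONF; refusing unarmored kinit" >&2
        return 2
    fi
    get_armor_ticket && fast_kinit "$1"
}

# Only act when a user name is given, e.g.:  sh fast_login.sh alice
if [ "$#" -gt 0 ]; then
    fast_login "$1"
fi
```

The preflight check is the part worth keeping around: without a CA bundle for the KDC, `kinit -n` cannot complete and a script that silently retries without `-T` would reintroduce exactly the exposure the thread is about.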

