Kerberos n00b question.

Robbie Harwood rharwood at redhat.com
Tue Jan 8 20:02:32 EST 2019 

Grant Taylor <gtaylor at tnetconsulting.net> writes:

> On 01/07/2019 12:21 PM, Robbie Harwood wrote:
>
>> The biggest concern in a new Kerberos deployment is secrets being 
>> based on passwords.  To varying degrees, this reduces the strength of 
>> the system as a whole to the strength of the passwords.
>
> Yep.
>
> I suspect the -randkey option when adding a principal is significantly
> better than a password.
>
> I wonder if there is any possibility of users using a random key that
> is password protected.  Thus using the password unlocking the random
> key that is used to secure communications.  - I suspect that would
> make keys used for users as secure as -randkey for services, at least
> as far as brute forcing things.  Of course you would need to protect
> the encrypted key.  But that's a different issue.

It still reduces to the security of a password (the one locking the
random key).  But as Russ points out, you may be interested in PKINIT if
users choosing strong passwords is a serious worry.

Also!  2FA will mitigate this concern somewhat as well.  krb5 is
prepared to hand off to a RADIUS responder for OTP (freeIPA uses this,
which I know you're not interested in but is meaningful as a PoC); you
can then use something like freeOTP or a physical 2fa token for
acquiring additional credentials.

>> In the system proposed in the dialogue above, for instance, 
>> it's possible to observe an exchange and mount an offline 
>> dictionary attack against it.  More information on 
>> mitigating that (which isn't too hard) can be found here: 
>> https://web.mit.edu/kerberos/krb5-devel/doc/admin/dictionary.html#dictionary
>
> That's an interesting read.
>
> I wonder if I should recreate my user principals (the few that exist in 
> my test REALM) using "+requires_preauth -allow_svr".

You don't have to recreate them, but yes, it's a good idea to set
+requires_preauth.  Setting -allow_svr will I believe block the use of
U2U and make kvno on user principals no longer work, but this may be
acceptable to you.

>> See above.
>
> Sorry, I can't translate that to what your opinion is about using 
> Kerberos between a LAN client (with a local KDC) and a web server across 
> the Internet.  (Thus the client <-> KDC interaction is on the LAN.)

Apologies.  I consider Kerberos (with preauth and strong passwords) safe
for internet use, as I imagine the rest of us on here do as well.

> I'm trying to build a mental model / working understanding of what 
> communications between KDC <-> client <-> server is sensitive and what 
> is okay to send across the Internet.  I /think/ that client <-> server 
> is okay as part of SSH.  -  I'm trying to understand if the client <-> 
> server is okay on it's own, or if it's also relying on security offered 
> by SSH.  Mainly so that I can judge how safe it is to use for other 
> protocols between the client and server (with or without other encryption).

Kerberos exchanges are not reliant on additional layers of encapsulation
for security.  Russ went into more detail on this I think for SSH.  But
it's all encrypted with pre-shared knowledge, be it passwords or keytabs
or certs (or things derived from those) - except for things that don't
need to be kept secret, like usernames.

> I think the biggest issue is that I need to get the keytab to the server 
> in a secure manner.  I would expect that something like scp / sftp would 
> suffice.

Yes.  Provisioning is always the hard part in any cryptosystem :)

It's possible to, on the server, kinit and acquire the keytab that way.
But if you're SSHing in already, there isn't really an advantage to
that.

>> It's worth mentioning that there are turnkey solutions for configuring 
>> entire identity management systems (i.e., including Kerberos) now. 
>> For instance, we develop FreeIPA ( https://www.freeipa.org/ ), which 
>> will mitigate these threats by default.
>
> I was vaguely aware of FreeIPA.  (I think) I now know more about 
> FreeIPA.  FreeIPA seems to be a purpose built Linux distribution that 
> incorporates the technologies listed under Main features section of the 
> link you provided.

It's not a Linux distro - it's a tool that can be run on man distros -
but yes.

> I feel like FreeIPA is analogous to a Lego set that produces one
> particular structure using the aforementioned technologies as some of
> the Lego bricks.  - I personally want to learn how to use the Lego
> bricks within my existing structures.  I've already got LDAP,
> Kerberos, NTP, DNS, and SSSD working (to my satisfaction).  So I'm
> reluctant to throw those integrated things out and introduce a new
> turn key appliance, namely a FreeIPA (V)M.

Totally fine!  I also appreciate the need to tinker - but I've also set
up enough realms to be tired of trying to figure out what I did wrong
with LDAP this time :)

Thanks,
--Robbie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20190108/7d487e05/attachment-0001.bin

More information about the Kerberos mailing list