Kerberos n00b question.

Grant Taylor gtaylor at tnetconsulting.net
Tue Jan 8 22:55:05 EST 2019


On 1/8/19 8:35 PM, Russ Allbery wrote:
> Yes.  A lot of higher education institutions that have used Kerberos 
> for many, many years have their KDCs directly on the Internet and allow 
> clients to authenticate from anywhere.

Oh.  Good!

> PKINIT is just a replacement preauth mechanism, instead of enc-timestamp. 
> Basically, the client uses an X.509 authentication instead of a proof 
> of key possession as the preauthentication step to establish a shared 
> session secret that is used to encrypt the TGT.  (This may not be 100% 
> accurate; it's been a while since I dug into the protocol.)
> 
> FAST is a replacement for the whole preauth step.  It uses some 
> pre-existing shared session key between the KDC and the client to 
> encrypt the whole preauthentication exchange.  Inside of that, you can 
> use various preauthentication mechanisms.
> 
> Where they usefully combine is in how to get that pre-existing shared 
> session key to be able to start using FAST.  This is a chicken-and-egg 
> problem with traditional Kerberos: you have to authenticate first in 
> order to authenticate.  You can, for instance, use the local host key 
> (which is probably randomly generated and therefore safer to use in 
> a direct exchange with the KDC) to get a session key to start FAST, 
> and then do preauthentication with the (weaker) password-derived key.
> 
> Anonymous PKINIT lets you out of that trap by letting the client 
> "authenticate" with anonymous Diffie-Hellman to the KDC.  This doesn't 
> establish any meaningful identity, but it *does* get you a shared 
> session key, and with that you can start FAST, and use it to protect 
> any subsequent preauthentication exchange.
> 
> Note that you can enable anonymous PKINIT even if you don't otherwise 
> use PKINIT and don't have any client certificates.  (You ideally do have 
> a KDC certificate, though, that the clients know about.)

Thank you for the concise responses.  I will do more reading on FAST, 
PKINIT, Anonymous PKINIT.  But now I have a better idea how the pieces 
fit together.

Plus, CA thrown in for good measure.

Isn't security fun and simple?  -  Whatever happened to the days of 
3Rot13.  ;-)



-- 
Grant. . . .
unix || die
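As an added illustration of the "anonymous PKINIT as FAST armor" arrangement Russ describes (this is not configuration from the thread or from any poster; realm name, hostnames and file paths are assumed placeholders), here is what the minimal MIT Kerberos configuration looks like on both sides. The KDC needs only a certificate of its own plus the WELLKNOWN/ANONYMOUS principal; the clients need only the CA that issued the KDC certificate. No client certificates are involved.

```ini
; ---- Client side: /etc/krb5.conf (added example, assumed values) ----
[libdefaults]
    default_realm = EXAMPLE.COM
    ; Trust anchor used to validate the KDC's certificate during
    ; anonymous PKINIT. Without it a client will not accept the KDC's
    ; identity, and the anonymous DH exchange could be intercepted.
    pkinit_anchors = FILE:/etc/krb5/ca.pem

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        admin_server = kdc.example.com
        ; Only needed when the KDC certificate identifies the KDC by a
        ; dNSName SAN instead of the id-pkinit-san principal name.
        pkinit_kdc_hostname = kdc.example.com
    }

; ---- KDC side: kdc.conf (added example, assumed values) ----
[realms]
    EXAMPLE.COM = {
        ; KDC certificate and private key presented to clients.
        pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
        ; CA used by the KDC to validate client certs; with anonymous
        ; PKINIT no client cert is ever presented, but the anchor is
        ; still required for the PKINIT plugin to load.
        pkinit_anchors = FILE:/etc/krb5/ca.pem
    }
```

On the KDC the anonymous principal is created once with `kadmin.local -q 'addprinc -randkey WELLKNOWN/ANONYMOUS'`. A client then obtains the armor ticket with `kinit -n -c FILE:/tmp/armor.ccache` (no password is prompted, since the "identity" is anonymous) and performs the real login inside that FAST tunnel with `kinit -T FILE:/tmp/armor.ccache alice`. The security property worth checking in the KDC log is that the password-derived enc-timestamp preauth for alice only ever appears inside the armored exchange, never in the clear; if a client falls back to unarmored preauth, the KDC-side `[kdcdefaults]` restrictions on FAST are where you enforce that rather than relying on client configuration.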
