Kerberos n00b question.
Grant Taylor
gtaylor at tnetconsulting.net
Tue Jan 8 22:55:05 EST 2019
On 1/8/19 8:35 PM, Russ Allbery wrote:
> Yes. A lot of higher education institutions that have used Kerberos
> for many, many years have their KDCs directly on the Internet and allow
> clients to authenticate from anywhere.
Oh. Good!
> PKINIT is just a replacement preauth mechanism, instead of enc-timestamp.
> Basically, the client uses an X.509 authentication instead of a proof
> of key possession as the preauthentication step to establish a shared
> session secret that is used to encrypt the TGT. (This may not be 100%
> accurate; it's been a while since I dug into the protocol.)
>
> FAST is a replacement for the whole preauth step. It uses some
> pre-existing shared session key between the KDC and the client to
> encrypt the whole preauthentication exchange. Inside of that, you can
> use various preauthentication mechanisms.
>
> Where they usefully combine is in how to get that pre-existing shared
> session key to be able to start using FAST. This is a chicken-and-egg
> problem with traditional Kerberos: you have to authenticate first in
> order to authenticate. You can, for instance, use the local host key
> (which is probably randomly generated and therefore safer to use in
> a direct exchange with the KDC) to get a session key to start FAST,
> and then do preauthentication with the (weaker) password-derived key.
>
> Anonymous PKINIT lets you out of that trap by letting the client
> "authenticate" with anonymous Diffie-Hellman to the KDC. This doesn't
> establish any meaningful identity, but it *does* get you a shared
> session key, and with that you can start FAST, and use it to protect
> any subsequent preauthentication exchange.
>
> Note that you can enable anonymous PKINIT even if you don't otherwise
> use PKINIT and don't have any client certificates. (You ideally do have
> a KDC certificate, though, that the clients know about.)
Thank you for the concise responses. I will do more reading on FAST,
PKINIT, Anonymous PKINIT. But now I have a better idea how the pieces
fit together.
Plus, CA thrown in for good measure.
Isn't security fun and simple? - What ever happened to the days of
3Rot13. ;-)
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20190108/5b8856e7/attachment.bin
More information about the Kerberos
mailing list