pkinit and passwords issues
Tom Yu
tlyu at MIT.EDU
Tue Feb 16 09:57:09 EST 2010
Jeffrey Altman <jaltman at secure-endpoints.com> writes:
> Setting a random password and setting it to never expire results in
> there being a password that can be brute forced over a long period of
> time and used as a backdoor. It would be much better if a property on
> the principal simply indicated "no password authentication permitted"
> and be done with it.
The "randkey" operation sets a random key, not a random password, so
the risk here is a brute force attack on the keyspace of the cipher,
not a dictionary attack. If you are using a cipher that has a
keyspace small enough to pose significant risk (e.g. single-DES), you
should consider using a stronger cipher.
There is still value in being able to disable password-based
authentication for a principal, such as a situation where the
administrator wants to keep a password-derived key around for a
principal but wants to temporarily disable password authentication for
policy reasons.
More information about the krbdev
mailing list