Kerberos PAKE Preauth Mechanism
Nathaniel McCallum
npmccallum at redhat.com
Tue Jan 27 02:05:51 EST 2015
For some background to where we are going, please check out this page:
http://k5wiki.kerberos.org/wiki/Projects/Improve_OTP_deployability
I plan to document all this stuff in the coming weeks. But the big
reveal is a new preauth mech: https://github.com/npmccallum/krb5-pake
All the caveats apply: this is completely insecure and will steal your
passwords. Don't use it anywhere but a test setup.
You will also need a patch to enable support for
KDC_ERR_MORE_PREAUTH_DATA_REQUIRED:
https://github.com/krb5/krb5/pull/245
Comments/reviews welcome.
Nathaniel
More information about the krbdev
mailing list