our sysadmin too.
Cheers,
-Rick
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
the connection. Inside the KDC,
all that is required is a dynamic facility for host2realm mapping (like
a DNSSEC-protected lookup).
Thanks,
-Rick
Hi,
Is there an API to extract AuthorizationData from GSSAPI credentials
that use Kerberos under the hood? I cannot find it in the RFCs.
Thanks,
-Rick
when we intend to make realm-crossing use of it, or is there some
appreciation for more standardised structures, such as Diameter frames
or unsigned SAML? The latter two would make some sense in our project,
which aims to make secure use of online services simpler and more general.
Thanks,
-Rick
2.net/kerberos.html
A glimpse at upcoming software (and the earlier PoC) are on
https://github.com/arpa2/kxover
-Rick
and I'm
wondering if it would do good or harm when rolling out remctl in that work.
Cheers,
Rick van Rein
OpenFortress
and
got the chances embedded in SoftHSMv2, from which I hope it will spread,
http://openfortress.nl/doc/spec/pgp-in-pkcs11/
and I wouldn't mind writing up another one of those for Kerberos.
Sorry to stir up a hornet's nest ;-)
-Rick
[1] It is not uncommon for USB tokens to store only 3
y(), right?
This does seem to be possible -- but how do others feel about this?
Cheers,
-Rick
ignal content following; these you can
look up on duckduckgo.com. You should see a general offer packet providing the
available mechanisms, followed by one that it takes a proactive guess it --
normally Kerberos.
If you're still confused, you could a
But SPNEGO may have other things on its
mind as well.
So, you should have a look at what travels between the peers.
-Rick
rypted portion
must be decrypted to get hold of the EncryptionKey contained in it.
Passing a TGT verbatim does not release this information, right?
In user-to-user Kerberos, it is also possible to pass a TGT from the
service back to the client, and the client
not enforced) by the client
realm. This IMHO is a severe limitation on that particular model of
constrained delegation.
> Forwarding a TGT is bad because it is unbounded impersonation.
Only when the corresponding key is supplied alongside! [I hope I'm not taking
anything out of
s, which
are accepted to be far less secure than the Kerberos road.
-Rick
;ll soon release a successor to
https://tools.ietf.org/html/draft-vanrein-tls-kdh-04
We also have plans for automatic realm crossover including client
identity pseudonymity.
But, alas, this is not ready to roll out yet. We're still finishing the
work as we speak.
Cheers,
Rick van Rein
fo
the user in AD doesn’t use
> same case.
And you probably also know that it is possible in UNIX in general to
specify multiple usernames with the same uid/gid etc. in /etc/passwd,
and you could login as the 2nd entry and end up with the 1st for all
local purposes.
Sorry I can't help any fu
ileged and confidential information
So, why do you post it to a public list? You're welcome to remove this
in future emails. It's legally powerless anyway.
-Rick
OK,
Also note that the hash is not SHA1 but HMAC-SHA1, which is much stronger. I
didn't make that clear before.
-Rick
sking is aes256-cts-hmac-sha1-96; it uses a SHA1
hash cut off to a 96 bit prefix as a MAC, if I remember correctly. Chase the
link if you need more detail / certainty.
As far as I know, MIT Kerberos will use this encryption type by default. Can't
speak for Heimdal, Shishi or
DC due to these setup actions.
Cheers,
Rick van Rein
OpenFortress.nl / ARPA2.net
does PKINIT not
care in practice? (The spec does not, but how about implementations?)
2.
principals contains a single GeneralString holding ${ENV::CLIENT} —
AFAIK this is hardcoded to only cover rick@ but not rick/admin@ right?
FWIW, what Nikos has created is configured in a template
, but that is mostly due to Shishi --
if I recall correctly, it cannot even hand out service tickets. It would be
lovely to have a full-blown third implementation in open source, but Shishi
isn't completely usable yet, AFAIK.
-Rick
of GnuTLS come from libnettle. Is what you are
looking for in fact a switch to that support library? If so, what is
your reason for wanting this?
-Rick
ding authentication.
> If someone could clarify, this would be more than useful...
>
I hope this helps.
Cheers,
-Rick
arranged on top
of that makes the infrastructure more frail, more maintenance-intensive.
Also, there are refined facilities in Kerberos that would be lost when
moving over to X.509; things like passing on permissions for backend
services.
Thanks,
-Rick
certificates with Kerberos contents, I'd be interested in hearing those too.
Cheers,
-Rick
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: 1.3.6.1.4.1.44469.666.509.88.1.1.2.1.3.14.3.2.26
Issuer:
Validit
).
I can only find krb5_get_error_message() which reveals e-text but not
the e-data. Or am I overlooking something?
Thanks,
-Rick
will see a new kvno while the rest of the
key parts remain the same. Your keytab can store them at the same time to be
able to service older and newer keyed requests. You are free to remove old
keys if you are certain they should not be used anymore.
-Rick
session key as is
done with S4U2Proxy. This approach offers much more control, and requires no
client changes. Only the KDC and service must be set up to match each other's
expectations.
-Rick
y target or for none.
Yes, that also matches with what the S4U2Self approach does; it also
grabs control based on things that scare me. I suppose the implicit
assumption is that it functions within a realm, which makes it less
usable for more general use when TLS-KDH gets to crossover to foreign
real
> feel free to forward my reply to the list on reply, if needed)
>
Not intended. I've resent my message, and am now forwarding your full
comments inline to the list.
Thanks for your explanations, Simo!
-Rick
from WebMail to IMAP and SMTP and nothing more.
Sorry if I'm not very good at reverse-engineering the security architecture
from the MS-SFU, -KILE and -PAC documentation. I also didn't find a
HOWTO-styled instruction for this facility with an open source
carrying all the backend services
are supported, and all these certificates could be in the name of the
client. No FORWARDED TGT required, let alone its contained session key!
I'm wondering if that angle would be a nicer one to consider for
TLS-KDH, instead of putting effort in
. Since I don't use Windows I'm already getting at this from
the "outside", reading specs, but it's not easy to see the whole picture.
Thanks!
-Rick
uld get user principal mapping going, that would be sweet.
Or you might retain the uppercase realm and try to cross-sign between
the uppercase and lowercase realms. Your (somewhat silly) clients log on
to the lowercase realm and gain access to the (less error-prone) uppercase
d anywhere, though it seems to be the one
sane approach to avoid interruptions to the authentication services. Right?
(Not sure if this is on-topic, sorry... changing the keys available may
not be the same as setting up fresh crossover trust.)
Cheers,
-Rick
nything unknown
through CApath (but an option may be the . realm) -- but would this work
on AD/DC?
With this, crossover based on DNSSEC/DANE could be implemented in a
component external to the binaries of AD/DC, making the chances of
acceptance quite a bit higher.
cle backend, but I'd be surprised if it can do S4U.
-Rick
n you didn't mention :) not AD or
DB2, but LDAP which generally is the most flexible one (but a bit of a
drama to set up IMHO).
I also know that FreeIPA has a variation on this scheme, but I don't
know the details on that.
-Rick
to also support SSH and GSS-based transports)
so we could also automate much there. The advantage of the latter
is that it might interact with the user for new connections.
Cheers,
-Rick
making the local code.
Thanks a lot!
-Rick
T to service tickets w/o
> further processing power spent at TGS time.
Thanks, will study.
>> * Are the ideas under (1) and (2) above worth considering?
>
> Probably not. (1) should be handled with additional Authorization Data
> (2) probably using FAST into a pkinit anonymous c
support any form of access control; it would be more
useful to have an intermediate level of concealment, based on pseudonyms, roles
and groups. The service would be configured to permit sales@MYREALM and the
KDC for MYREALM would decide if rick@MYREALM can act as sales@MYREALM.
So, what I’ve been
ference. And yes, pubkey crypto is the predictable way out.
You’ll be managing trust if you choose long-term validations based on flimsy
tests (as is common in default X.509 certificates) though.
-Rick
helpful with the 5-minute
window granted to the package delivery bloke; it would also help to
avoid that cleaning staff can stay in the house for longer than you
desire, when you are present.
Let us know how you continue, please!
Cheers,
-Rick
your path
with Kerberos, even if it’s a bit out of the ordinary? I for one would
love to see what you cook up — and it *is* possible.
Cheers,
-Rick
Hi Paul,
This looks pretty complete to me. I haven’t done this sort of thing yet but I
also figured it out like you did. Would be great to hear your experiences on this list.
-Rick
alm, just using the authenticated identity that has done a realm-xover
if necessary.
-Rick
would you ever take a managed computer outside of the intranet?
The modern keyword “mobility” springs to mind…
And of course “SSO” as a clinching argument for users…
-Rick
angle.
-Rick
we go cross-realm, we’ll have to open our KDCs
to the public… at least the TGS part, but that’s indistinguishable from the AS
part (same SRV record)…
-Rick
get to Kerberos as a
> result of all these generic switch points, and second, the lack of an
> official spec for this use of Kerberos.
The lack of official specs appears to be the case here; in practice, it sounds
like it works (on most (?
ible path to get to Kerberos as a
result of all these generic switch points, and second, the lack of an official
spec for this use of Kerberos.
Cheers,
-Rick
Hello,
I was surprised to find Kerberos authentication for both PPTP and L2TP on Mac
OS X. I have been looking for specs, including for EAP, but failed to find
any. Am I overlooking sth?
Thanks,
-Rick
fully is not AD specific.
Nope. You should be able to zoom in on the GSS-API exchange, I think I’ve done
that before. It’s loaded with OIDs that tag content, and that is actively used
by WireShark. You could compare the one that works and the one that doesn’t.
Is this failing for
not necessary for GSS-API (but it is for data privacy since SASL apps usually
don’t use the C_Wrap() facilities).
I hope this helps!
-Rick
. Mixing the
two will probably lead to mutual weakening, so I am thinking that it might be
useful to split the two, but ensuring that they remain as compatible as can be.
Does that sound wise to you?
Cheers,
Rick van Rein
OpenFortress.nl / ARPA2.net
Hello all,
Based on the responses in this thread, I have drafted a proposal for TXT
records, and posted it to Kitten.
Any feedback on this is welcome and helpful; but Kitten is probably the best
place for it.
Thanks,
-Rick
> After a discussion on kerberos@mit.edu about the TXT records t
en mailing list.
Yes. It is currently part of my TLS-KDH proposal, but perhaps it is
better to take it out and make a separate proposal for this, so people
are in a position to add such things as pre-auth hints easily. Shall I
write this as an I-D and post it on Kitten? Or would you want to d
g up detail-ridden
discussions from the past! Had it been public, then I think I would have
found it already anyway.
Cheers,
-Rick
TXT records than for the server name and the
zone apex. Being forced to check all the intermediate levels seems like a waste
of computational power — especially under DNSSEC — and since the process
must be sequential (don’t continue until you’ve seen an authenticated negative)
it also costs valuable tim
over assigning realms to servers
Moreover, it is probably in line with what we’re all doing now anyway.
Does this make sense?
Cheers,
-Rick
ned in RFC 1509, as a general flag for GSS-API
mechanisms. And, there is an alternative flag GSS_C_REPLAY_FLAG that is also
available in the Kerberos mapping of GSS-API. So the answer appears to be
“yes, you can do this with Kerberos”.
I’m going to assume that MIT krb5 will indeed im
security. TLS-over-TCP enforces ordering of independent packets, and
DTLS-over-UDP isn’t reliable. SCTP is just right, after adding security; and
Kerberos is more sane than (D)TLS in our architecture.
Thanks,
Rick van Rein
InternetWide.org / OpenFortress.nl
> Is the file format of the ticket cache in ASN.1?
That would depend on its implementation. You asked for tickets ;-) which are
defined in ASN.1 in the RFCs. I think the WireShark suggestion is better than
mine, but it won’t do what you are asking.
-Rick
Hi,
> Does Kerberos5 have a ticket to ascii converter so someone can see
> what a ticket looks like in plain text?
You might use any ASN.1 parser to see the structure, without it actually being
spelled out in terms of the Kerberos field names.
doubt it would be
problematic, as LDAP makes atomic object updates and Kerberos contains its data
in single objects.
For other backends I don’t know — maybe a transition to LDAP first, but I don’t
know if that’s documented anywhere.
Does this help?
Cheers,
-Rick
pal name. This is not enforced by the KDC and the user
should choose to canonicalise, but if someone insisted on a funny name
like joe\@example@example.com then I fail to see hard reasons
to stop him...?
Thanks,
-Rick
ipal
> names?
Yes, that’s what I meant. It is not present in the kfw4 GUI, is it?
Thanks,
-Rick
this leaves me a bit worried about the KRB5-NT-ENTERPRISE nametype — does
it apply to what I am doing? Does my approach create a correct enterprise
principal name, or am I so lucky to run into leniency by Kerberos?
Thanks,
-Rick
Hello,
Am I correct that the kfw-4.0 GUI does not support a Canonicalisation option
for the principal name?
I cannot find anything of that nature on
http://web.mit.edu/kerberos/kfw-4.0/kfw-4.0/kfw-4.0-help/index.html
Thanks,
-Rick
the choice between
UDP and TCP (no SCTP possible AFAIK) and the port.
This is done when you first acquire your ticket, and it should be repeated
later on.
I hope that’s what you were after.
-Rick
Hi Olga,
> Why? How can I use both at the same time?
What is shown is your current identity — that’s only one.
Try kswitch (possibly with -i) to switch what is your current identity. The
others are still available, but not shown.
-R
S4U2Self) with Constrained Delegation? It could be
helpful with many things, for instance WebSockets to IMAP / SMTP
for webmail applications.
Are you, or is anyone else, aware of a similar facility for Nginx?
Thanks,
-Rick
hope this will be of interest to the Kerberos5 community.
Cheers,
Rick van Rein
OpenFortress / ARPA2
draft. Just send me the source if you’d
appreciate that.
(*) List, if this discussion should (or should not) take place here, let me/us
know. I’m not sure what is desired.
Cheers,
Rick van Rein
OpenFortress / ARPA2.net
## Summary and positioning
• PKINIT and kx509 achieve opposite effects
Hi Nico,
> But mainly the appeal of this approach is that the pieces needed all exist.
Are you talking of http://www.citi.umich.edu/projects/kerb_pki/ as your kx509
implementation? It appears to be based on Kerberos4…
-Rick
rdly think a mere optimisation could be worth the conceptual mayhem that it
provokes…
I’ll get back to you after reading your draft. Thanks very much!
Cheers,
Rick van Rein
OpenFortress
ven't got that far.
The GSS-API is more general than Kerberos, it sees Kerberos as “just a
mechanism”, and it will switch between alternatives; it also has abilities for
mechanisms wrapping around other mechanisms,
http://web.mit.edu/kerberos/krb5-dev
certificate distribution
problems. Or was this not what happened to it? I cannot find anything but
hopes and promises; why has it never advanced into an RFC?
Thanks,
Rick van Rein
OpenFortress
that I have in mind, and for now my chief point of
interest. A KDC should not rely on flaky DNS data if it can help it. And,
depending on operator paranoia, it could be useful to enforce DNSSEC for
anything deemed acceptable for the KDC.
Thanks,
-Rick
n-dnssec
It seems that I am the only one who sees a case for *insisting* on DNSSEC, or
do others on this list agree there is a need?
Cheers,
-Rick
access a service you won’t request (or renew) its tickets.
-Rick
Hi.
> Does Kerberos have a way to show me the data in /etc/krb5.keytab in ASCII
> form?
ktutil, subcommands rkt and l.
-Rick
he literal "ALL"
> maybe, I am not opposed, and could easily migrate FreeIPA users to that
> syntax.
That last bit is impressive :)
-Rick
Krb5DelegationACL class means that NO access control
restrictions are applied
* lack of AllowToImpersonate means NO clients can be impersonated
* to impersonate ALL clients, use a suitable regex memberPrincipal
FWIW :)
Cheers,
-Rick
Thanks Greg,
This clarifies the last pieces. Dare I suggest upgrading the (online)
documentation?
Thanks Simo,
For adding an interesting future angle to this story
-Rick
e? Or does that depend on whether there
is a krbCanonicalName for the principal? Are abbreviated forms (dropping the
@REALM part) permitted/advised?
It’d be good to have these questions answered.
Thanks for any help you can give,
Rick van Rein
OpenFortress
istry or configuration files. It could easily end up
being make-believe / feel-good security which isn’t actually as strong as you
might think.
Cheers,
-Rick
imap/imap.example.com
HTTP/webmail.example.com -> smtp/smtp.example.com
HTTP/sendmail.example.com -> smtp/smtp.example.com
HTTP/contacts.example.com -> ldap/ldap.example.com
How would I set up these delegations, and only these delegations, with MIT
Kerberos5?
Hi Greg,
Thanks, the terminology has indeed been confusing to me.
I suppose things are as they are — or, as they have grown.
Thanks,
-Rick
uitable for encryption to the acceptor, then the client could
> use that, PFS or no PFS.
Who is discussing these matters? Is this going in in an IETF WG?
Rick van Rein
OpenFortress
checksum.
…or the server could hold off client checking the response until it has the
authenticated decryption function available — given the random input that’s
simply retained, he’d be doing it after the client but with the exact same key
that I am missing?
Thanks,
-Rick
SRV records with subnames _kerberos._udp
and/or _kerberos._tcp — this has less requirement for DNSSEC because the KDC is
less susceptible to MITM attacks, but that is only valid if you can have 100%
reliance on your users to work with 128-bit (or better) entropy in their
pa
ble as your DNS; in other words, you probably
want to ensure that DNSSEC is being used if what you are doing with the
information could have any security implication.
-Rick
stand that clocks are assumed to be secure, which is rarely a fact.
What I don't know is if this is all I need to know. I can find a few
documents, but some appear really old. Is there an overview documenting
weaknesses in today's Kerber
"hijack any script on this
vhost (or under this location/directory) and gain access to all the
backend services available to the user?
Rick van Rein
OpenFortress
not, in spite of several requests
- wget does not
> Any advice here?
>
I hope some of these ramblings are useful to you.
Cheers,
Rick van Rein
OpenFortress
ort of
thing I've been missing while reading howto-styled information. I suppose I
tend to read docs like an academic, searching for boundaries.
Anyhow, I have it working now, thanks very very much for your help.
I have a bundle of ideas to innova
> unfortunate command name).
I regenerated them and now the KDC has shrunk in size, indeed. Thanks.
I'm documenting this in detail in the hope it can also help others (using a
search engine like I have). I also hope that my remarks (about error messages)
can help to improve the usability of Kerberos a bit.
Thanks for your help Greg!
Cheers,
-Rick