[38200] in Kerberos
Preauth / AES / MIT Kerberos / TGT des3-cbc-sha1
daemon@ATHENA.MIT.EDU (John Tang Boyland)
Mon Feb 12 10:51:57 2018
Prev-Resent-From: <boyland@uwm.edu>
From: John Tang Boyland <boyland@pabst.cs.uwm.edu>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-ID: <17777.1518449865.1@pabst.cs.uwm.edu>
Date: Mon, 12 Feb 2018 09:37:45 -0600
Message-ID: <17778.1518449865@pabst.cs.uwm.edu>
Resent-From: John Tang Boyland <boyland@pabst.cs.uwm.edu>
Resent-To: kerberos@mit.edu
Reply-To: boyland@uwm.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Apple's kinit is now complaining if a KDC generates a des3 ticket:
Encryption type des3-cbc-sha1(16) used for authentication is weak and will be deprecated
If one uses the "-e" option, one gets the message:
$ /usr/bin/kinit -e aes128-cts-hmac-sha1-96 test@<REALM>
test@<REALM>'s password:
kinit: krb5_get_init_creds: Preauth required but no preauth options send by KDC
But the principle in question has the REQUIRES_PRE_AUTH flag:
kadmin: getprinc test
Principal: test@<REALM>
...
Maximum ticket life: 0 days 10:00:00
Maximum renewable life: 7 days 00:00:00
Failed password attempts: 0
Number of keys: 1
Key: vno 2, aes256-cts-hmac-sha1-96
MKey: vno 1
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
If I use kinit without the -e option, I get:
$ /usr/bin/klist --verbose
Credentials cache: API:D6263E03-4C49-46C2-80B5-9C72FF37009B
Principal: test@<REALM>
Cache version: 0
Server: krbtgt/<REALM>@<REALM>
Client: test@<REALM>
Ticket etype: des3-cbc-sha1, kvno 1
Ticket length: 318
Auth time: Feb 12 08:23:42 2018
End time: Feb 12 18:23:37 2018
Ticket flags: enc-pa-rep, pre-authent, initial, forwardable
Addresses: addressless
When I describe the krb5-admin-server package on the admin server, I see
Package: krb5-admin-server
Architecture: amd64
Version: 1.13.2+dfsg-5ubuntu2
Priority: optional
Section: universe/net
Source: krb5
Origin: Ubuntu
...
In an attempt to prevent krb5-kdc from using these insecure encryption
types, I added the following to krb5.conf:
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
Then the client claims that KDC has no support for encryption type while getting
initial credentials.
(I also tried just using "aes" which the documentation also suggests)
What's going on? Does MIT kerberos not actually support AES256?
or is the online documentation that claims that these aes encryption types
are supported wrong?
Best regards,
John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
