[39295] in Kerberos
Re: RFC 4121 & acceptor subkey use in MIC token generation
daemon@ATHENA.MIT.EDU (Nico Williams)
Fri Oct 27 16:27:48 2023
Date: Fri, 27 Oct 2023 15:27:26 -0500
From: Nico Williams <nico@cryptonector.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: Simo Sorce <simo@redhat.com>, kerberos@mit.edu
Message-ID: <ZTwdLkmGk3G+vv6B@ubby21>
In-Reply-To: <202310271801.39RI15Ud018075@hedwig.cmf.nrl.navy.mil>

On Fri, Oct 27, 2023 at 02:01:05PM -0400, Ken Hornstein via Kerberos wrote:
> >Aren't you supposed to use CAC or PIV cards?
>
> Well, I hate to use the "Air Bud" loophole, but the rules as I
> understand them don't ACTUALLY say that for ssh, and in some contexts
> they explicitly say that plaintext passwords are fine as long as you're
> doing something like using a RADIUS server to verify the password. Yes,
> the RADIUS protocol is terrible and has MD5 baked into the protocol and
> no one has ever explained to me why the STIGS say FIPS mode is mandatory
> but RADIUS is fine.

Uh... If someone was able to swing that then you should be able to
swing use of MD5 for non-cryptographic purposes where a 20 year old RFC
requires it. But, I know, I know, never mind.

> >You can definitely use openssh clients with PIV cards and avoid
> >kerberos altogether.
>
> I have done that! But that is actually TERRIBLE IMHO from a security
> perspective unless you write a whole pile of infrastructure code; maybe
> some sites actually do that but the people I've seen with that setup do
> not and then get surprised when they get a new CAC and that breaks. If
> you funnel all that through PKINIT then things are much nicer.

IDEA: Patch ssh to support use of x.509 certificates.

After all, you can't use OpenSSH certs because... that's not "the DoD
PKI", and you can't use GSS-KEYEX because of the foregoing MD5
non-issue, so might as well do the one thing you are allowed to do: use
the DoD PKI!

And you're using Heimdal, right? Well, Heimdal has a very frickin' nice
ASN.1 compiler that already has everything you need to be able to decode
x.509 certificates. It even has a fantastic libhx509, though the only
thing it doesn't have is support for x25519/x448 (I've a branch with
that stuff I need to finish). Though you'll want to update to the
as-yet unreleased master branch for this because it's more awesome
there.

Nico