use of AES keys with kinit - Kerberos


  1. use of AES keys with kinit

    I find that when I have a principal with both a DES key and an AES128
    key then I cannot use kinit to authenticate using a keytab file that
    only has the AES128 key. I would like to know why I cannot
    authenticate through kinit using just my AES128 key.

    The details of my interaction follow:

    1. Create the keytab file with just an aes128-cts-hmac-sha1-96:normal key:
    kadmin.local: ktadd -k temp.keytab -e "aes128-cts-hmac-sha1-96:normal" PRINCIPAL
    Entry for principal PRINCIPAL with kvno 5, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:temp.keytab.

    2. Try to kinit using that keytab file.
    kinit -k -t temp.keytab PRINCIPAL
    kinit(v5): Key table entry not found while getting initial credentials

    But after adding a des key to the temp.keytab, then the above kinit works.

    In trying to research this I noticed the following in the latest (Aug
    4, 2006) "Kerberos V5 application programming library"
    documentation. In the description of the krb5_get_in_tkt call it
    says that "valid encryption types are ETYPE_DES_CBC_CRC and ETYPE_RAW_DES_CBC".

    Am I to understand that the API used by kinit will use only DES keys
    to get initial tickets? If so, is this just a current implementation
    problem or is there a more basic technical problem that will not let
    kinit be extended to use AES128 keys?

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: use of AES keys with kinit

    On Sep 11, 2006, at 14:26, Rich Frobose wrote:
    > I find that when I have a principal with both a DES key and an AES128
    > key then I cannot use kinit to authenticate using a keytab file that
    > only has the AES128 key. I would like to know why I cannot
    > authenticate through kinit using just my AES128 key.


    Currently kinit will not look at the keytab to come up with a list of
    encryption types; it just asks for any encryption type it knows
    about, and assumes that the KDC can do the right thing. The KDC
    assumes that the keytab will have all of the keys, and picks the
    first one (they're in a sort of preference order in the database).

    We could change kinit to look at the keytab for the enctypes, but it
    could also be argued that if the KDC and keytab are not consistent,
    your configuration is broken....


    > In trying to research this I noticed the following in the latest (Aug
    > 4, 2006) "Kerberos V5 application programming library"
    > documentation. In the description of the krb5_get_in_tkt call it
    > says that "valid encryption types are ETYPE_DES_CBC_CRC and
    > ETYPE_RAW_DES_CBC".


    That document is very much out of date, I'm afraid.

    > Am I to understand that the API used by kinit will use only DES keys
    > to get initial tickets? If so, is this just a current implementation
    > problem or is there a more basic technical problem that will not let
    > kinit be extended to use AES128 keys?


    It should work just fine with AES... confusion about the
    configuration aside....

    Ken
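Ken's explanation above, together with Rich's failing ktadd/kinit session, can be checked offline. The Python below is an added example, not part of this thread and not MIT krb5 code: it parses the 0x0502 keytab format, builds a sample keytab in memory (hypothetical principal, dummy key bytes), and models the behaviour Ken describes: the client offers every enctype it knows rather than what the keytab holds, the KDC takes the first key in its preference-ordered list that was offered, and kinit then needs a keytab entry matching principal, kvno and that enctype. The functions simulate_keytab_kinit and keytab_missing_enctypes, and all sample data, are assumptions of this example; the enctype numbers are the registered Kerberos values.

```python
"""Keytab enctype consistency check: added example modelling the kinit behaviour described in this thread."""
import struct
import time

# Enctype numbers as assigned for Kerberos (RFC 3961/3962; MIT krb5.h).
ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
                 17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
                 23: "arcfour-hmac"}
KEYTAB_MAGIC = b"\x05\x02"      # MIT keytab file format version 0x0502
KRB5_NT_PRINCIPAL = 1


def _counted(raw: bytes) -> bytes:
    """Keytab counted octet string: 16-bit big-endian length, then the bytes."""
    return struct.pack(">H", len(raw)) + raw


def build_keytab(entries) -> bytes:
    """Serialise (principal, kvno, enctype, key) tuples in the 0x0502 layout
    that ktadd writes; used here only to construct sample input in memory."""
    out = bytearray(KEYTAB_MAGIC)
    for principal, kvno, enctype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps)) + _counted(realm.encode())
        for comp in comps:
            body += _counted(comp.encode())
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, int(time.time()), kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)              # optional 32-bit kvno trailer
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def _read_counted(data: bytes, pos: int):
    (n,) = struct.unpack_from(">H", data, pos)
    pos += 2
    return data[pos:pos + n].decode(), pos + n


def parse_keytab(data: bytes):
    """Parse a 0x0502 keytab into dicts with principal, kvno, enctype, key."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                   # negative size marks a deleted entry
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        comps = []
        for _ in range(ncomp):
            comp, pos = _read_counted(data, pos)
            comps.append(comp)
        _name_type, _stamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        enctype, klen = struct.unpack_from(">HH", data, pos)
        pos += 4
        key, pos = data[pos:pos + klen], pos + klen
        kvno = vno8
        if end - pos >= 4:             # 32-bit kvno present: it overrides vno8
            (kvno,) = struct.unpack_from(">I", data, pos)
        pos = end
        entries.append({"principal": "/".join(comps) + "@" + realm,
                        "kvno": kvno, "enctype": enctype, "key": key})
    return entries


def simulate_keytab_kinit(kdc_keys, keytab, principal, client_offer):
    """Model of Ken's description, not the real AS exchange: the client offers
    every enctype it knows (not the keytab's); the KDC picks the first key in
    its preference-ordered list that was offered; kinit then needs a keytab
    entry matching principal, kvno and that enctype. Returns (ok, name, msg)."""
    chosen = next(((et, kv) for et, kv in kdc_keys if et in client_offer), None)
    if chosen is None:
        return False, None, "KDC has no support for encryption type"
    enctype, kvno = chosen
    name = ENCTYPE_NAMES.get(enctype, str(enctype))
    for ent in parse_keytab(keytab):
        if (ent["principal"], ent["kvno"], ent["enctype"]) == (principal, kvno, enctype):
            return True, name, "ok"
    return False, name, "Key table entry not found while getting initial credentials"


def keytab_missing_enctypes(kdc_keys, keytab, principal):
    """Names of enctypes the KDC holds for principal that the keytab lacks;
    a non-empty result is the keytab/KDC inconsistency the thread discusses."""
    have = {(e["kvno"], e["enctype"]) for e in parse_keytab(keytab) if e["principal"] == principal}
    return [ENCTYPE_NAMES.get(et, str(et)) for et, kv in kdc_keys if (kv, et) not in have]


# Constructed sample data: hypothetical principal, dummy key bytes.
PRINC = "host/www.example.test@EXAMPLE.TEST"
DES, AES128 = 1, 17
CLIENT_OFFER = [18, 17, 16, 23, 3, 1]          # everything the client knows
KDC_KEYS_DES_FIRST = [(DES, 5), (AES128, 5)]   # database order as in the thread
AES_ONLY = build_keytab([(PRINC, 5, AES128, b"\x11" * 16)])
WITH_DES = build_keytab([(PRINC, 5, AES128, b"\x11" * 16), (PRINC, 5, DES, b"\x22" * 8)])

if __name__ == "__main__":
    for label, kt in (("AES-only keytab", AES_ONLY), ("AES+DES keytab", WITH_DES)):
        ok, et, msg = simulate_keytab_kinit(KDC_KEYS_DES_FIRST, kt, PRINC, CLIENT_OFFER)
        print(f"{label}: KDC picked {et}: {msg}")
    print("keytab is missing:", keytab_missing_enctypes(KDC_KEYS_DES_FIRST, AES_ONLY, PRINC))
```

With the database holding the DES key first, the AES-only keytab reproduces "Key table entry not found"; adding the DES entry, or reordering the KDC's keys so AES comes first, makes the same request succeed, which is the keytab/KDC consistency Ken's reply calls for. Running keytab_missing_enctypes over a keytab read from disk and the key list shown by kadmin's getprinc flags the mismatch before a service hits it.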


  3. Re: use of AES keys with kinit

    On 9/11/06, Ken Raeburn wrote:
    >
    > On Sep 11, 2006, at 14:26, Rich Frobose wrote:
    > > I find that when I have a principal with both a DES key and an AES128
    > > key then I cannot use kinit to authenticate using a keytab file that
    > > only has the AES128 key. I would like to know why I cannot
    > > authenticate through kinit using just my AES128 key.

    >
    > Currently kinit will not look at the keytab to come up with a list of
    > encryption types; it just asks for any encryption type it knows
    > about, and assumes that the KDC can do the right thing. The KDC
    > assumes that the keytab will have all of the keys, and picks the
    > first one (they're in a sort of preference order in the database).
    >
    > We could change kinit to look at the keytab for the enctypes, but it
    > could also be argued that if the KDC and keytab are not consistent,
    > your configuration is broken....
    >
    >
    > > In trying to research this I noticed the following in the latest (Aug
    > > 4, 2006) "Kerberos V5 application programming library"
    > > documentation. In the description of the krb5_get_in_tkt call it
    > > says that "valid encryption types are ETYPE_DES_CBC_CRC and
    > > ETYPE_RAW_DES_CBC".

    >
    > That document is very much out of date, I'm afraid.
    >
    > > Am I to understand that the API used by kinit will use only DES keys
    > > to get initial tickets? If so, is this just a current implementation
    > > problem or is there a more basic technical problem that will not let
    > > kinit be extended to use AES128 keys?

    >
    > It should work just fine with AES... confusion about the
    > configuration aside....
    >
    > Ken


    Is it possible to compile kerberos 1.5 to default to strong encryption (AES,
    3DES), and eliminate the weaker ones entirely?
    I see the ENCTYPEs and CKSUMTYPEs in src/include/krb5/krb5.h - is it just a
    matter of removing/reordering them?


  4. Re: use of AES keys with kinit

    On Sep 11, 2006, at 19:18, Tom Simons wrote:
    > Is it possible to compile kerberos 1.5 to default to strong encryption (AES,
    > 3DES), and eliminate the weaker ones entirely?
    > I see the ENCTYPEs and CKSUMTYPEs in src/include/krb5/krb5.h - is it just a
    > matter of removing/reordering them?


    Not as a simple configure-time option, but if you go into the krb5
    library sources, there's a macro defined in there which has the
    compiled-in default list of enctypes; you could remove DES there. Or
    you could go into the crypto library and delete or alter the table
    entries where it recognizes the names of the DES-based enctypes.

    Neither of those will completely cripple all the DES support -- it
    could still be found by number, e.g. when processing a received
    message using those types, unless you remove the entries from the
    table in the crypto library. Even that will still leave (most of?)
    the bits used by the Kerberos v4 support intact. But you'd certainly
    make it harder to accidentally use DES.

    The current compiled-in defaults should cause the stronger enctypes
    to be preferred, though, unless you've got configuration data
    someplace (config file, key types in existing database entries)
    telling it to pick DES first.

    Ken

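Ken's last paragraph points at the other place DES can creep back in: configuration data that tells the library to pick DES first. The Python below is an added example, not from this thread or from MIT krb5: it reads the flat key = value lines of a krb5.conf [libdefaults] section and reports enctype lists that include or lead with single DES, plus an explicitly enabled allow_weak_crypto (an option that exists from krb5 1.7 on, later than the 1.5 release Tom asks about). The SINGLE_DES set follows the thread's sense of "weak" and is meant to be extended under local policy; the two sample configurations, realm and host names are constructed for this example.

```python
"""Audit of enctype preferences in a krb5.conf [libdefaults] section (added example)."""
import re

# Single-DES enctype names, the family this thread wants kept out of use.
# Extend the set (e.g. arcfour-hmac) as local policy requires.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4", "des-cbc-raw",
              "des-hmac-sha1", "des"}
ENCTYPE_LIST_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes",
                     "permitted_enctypes")
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}   # krb5 profile booleans


def parse_libdefaults(text: str) -> dict:
    """Return key -> value for [libdefaults]. Only the flat 'key = value' lines
    that section uses are handled; brace subsections elsewhere are skipped."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # profile comments start the line
            continue
        head = re.match(r"\[(\w+)\]$", line)
        if head:
            section = head.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            out[key] = value
    return out


def enctype_list(value: str) -> list:
    """Enctype lists may be separated by whitespace or commas."""
    return [t for t in re.split(r"[\s,]+", value) if t]


def audit(text: str) -> list:
    """Findings that would make the library prefer, or accept, single DES."""
    cfg = parse_libdefaults(text)
    findings = []
    for key in ENCTYPE_LIST_KEYS:
        if key not in cfg:
            continue                 # compiled-in default applies; AES preferred
        types = enctype_list(cfg[key])
        weak = [t for t in types if t in SINGLE_DES]
        if weak:
            findings.append(f"{key} lists single-DES enctypes: {', '.join(weak)}")
        if types and types[0] in SINGLE_DES:
            findings.append(f"{key} puts {types[0]} first, so it is tried first")
    # allow_weak_crypto exists from krb5 1.7 on; flag only an explicit enable.
    if cfg.get("allow_weak_crypto", "false").lower() in TRUE_WORDS:
        findings.append("allow_weak_crypto is explicitly enabled")
    return findings


# Constructed sample configurations (hypothetical realm and hosts).
WEAK_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    default_tkt_enctypes = des-cbc-crc aes128-cts-hmac-sha1-96
    allow_weak_crypto = true
[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""
HARDENED_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1
    permitted_enctypes = aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1
    allow_weak_crypto = false
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["no findings"])
```

A clean result from audit only says the client library is not being steered toward DES; as Ken notes, key types already stored in database entries can still put DES first on the KDC side, so the principal's key list needs the same review.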

