Grant Taylor <gtay...@tnetconsulting.net> writes:

> It's my (mis?)understanding that communications between Kerberos clients
> and the KDC are in the clear (but do not include the password), and that
> there is functionally no communications between a remote server and the
> KDC.
I don't think describing it as "in the clear" is quite right, but a
default Kerberos configuration using enc-timestamp and no tunneling as the
preauth mechanism is somewhat vulnerable to packet capture followed by an
off-line dictionary attack to recover the authentication key.  The
standard solution for this is FAST, which protects the initial
authentication against this attack.  (You do need some other credential
to set up the FAST tunnel, but you can use anonymous Diffie-Hellman via
anonymous PKINIT, or you can use a randomized key.)

The attack still requires subsequent work; you can't just snoop the
connection between the client and the KDC and immediately get
credentials.  The work factor is basically linked to the complexity of the
client key, so it's not much of a worry for a randomized key but is a
worry for user passwords.

> As such, I'm wondering if it would be relatively safe enough to use
> Kerberos to authenticate to a VPS in the cloud when both the client and
> KDC are on the LAN.  I think Kerberized SSH would be the only Kerberos
> related traffic across the Big Bad Internet to the VPS.  Is this
> correct?

Yes.

> Can anyone point me to some general reading that any/all Kerberos n00b
> should read?  (I've been following How-Tos and gotten a lot to work.)

I don't have a good answer for this, unfortunately.

-- 
Russ Allbery (ea...@eyrie.org)              <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
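A practical follow-up to the point about enc-timestamp versus FAST is checking which preauth mechanism clients on your network actually send. The block below is an added example, not part of the reply above and not MIT Kerberos code: a minimal DER walker that pulls the padata-type values out of a captured AS-REQ and flags requests that carry PA-ENC-TIMESTAMP (type 2) with no PA-FX-FAST (type 136) armor around them. It assumes the raw AS-REQ bytes have already been extracted from the transport (Kerberos over TCP carries a 4-byte length prefix that this block does not strip), and the sample AS-REQs are constructed inline by the block's own encoder, with req-body left as an empty SEQUENCE, which is not a valid KDC-REQ-BODY but is enough for the scanner.

```python
"""Flag AS-REQs whose preauth is an unarmored encrypted timestamp.

Constants are the registered padata-type numbers (RFC 4120, RFC 6113).
"""

PA_ENC_TIMESTAMP = 2    # enc-timestamp preauth, crackable offline if unarmored
PA_FX_FAST = 136        # FAST armor (RFC 6113); the real preauth sits inside it

TAG_AS_REQ = 0x6A       # [APPLICATION 10] constructed
TAG_SEQ = 0x30
TAG_INT = 0x02
TAG_OCTETS = 0x04
TAG_CTX = lambda n: 0xA0 | n   # context-specific constructed [n]


def _read_tlv(buf, pos):
    """Read one DER TLV (low tag numbers only, which is all Kerberos uses)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(body):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        out.append((tag, val))
    return out


def padata_types(as_req):
    """Return the padata-type values of an AS-REQ, in wire order."""
    tag, body, _ = _read_tlv(as_req, 0)
    if tag != TAG_AS_REQ:
        raise ValueError("not an AS-REQ")
    _, kdc_req = _children(body)[0]                  # the inner SEQUENCE
    types = []
    for ctag, cval in _children(kdc_req):
        if ctag != TAG_CTX(3):                        # padata [3] SEQUENCE OF PA-DATA
            continue
        _, seq_of = _children(cval)[0]
        for _, pa_data in _children(seq_of):          # each PA-DATA is a SEQUENCE
            for ftag, fval in _children(pa_data):
                if ftag == TAG_CTX(1):                # padata-type [1] INTEGER
                    _, ival = _children(fval)[0]
                    types.append(int.from_bytes(ival, "big", signed=True))
    return types


def classify(as_req):
    """Label one AS-REQ by how its preauth is protected."""
    types = padata_types(as_req)
    if PA_FX_FAST in types:
        return "fast-armored"
    if PA_ENC_TIMESTAMP in types:
        return "enc-timestamp-unarmored"    # worth alerting on for user principals
    return "no-preauth"


# --- constructed sample input: a tiny DER encoder for test AS-REQs ---------

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _int(n):
    return _tlv(TAG_INT, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def build_as_req(padata):
    """Build a minimal AS-REQ carrying the given [(type, value), ...] padata."""
    pa_seq = b"".join(
        _tlv(TAG_SEQ, _tlv(TAG_CTX(1), _int(t)) + _tlv(TAG_CTX(2), _tlv(TAG_OCTETS, v)))
        for t, v in padata)
    body = _tlv(TAG_CTX(1), _int(5)) + _tlv(TAG_CTX(2), _int(10))   # pvno, msg-type
    if padata:
        body += _tlv(TAG_CTX(3), _tlv(TAG_SEQ, pa_seq))
    body += _tlv(TAG_CTX(4), _tlv(TAG_SEQ, b""))   # req-body: empty, scanner ignores it
    return _tlv(TAG_AS_REQ, _tlv(TAG_SEQ, body))


if __name__ == "__main__":
    samples = {
        "initial probe": build_as_req([]),
        "password preauth": build_as_req([(PA_ENC_TIMESTAMP, b"\x30\x00")]),
        "armored preauth": build_as_req([(133, b"cookie"), (PA_FX_FAST, b"\x30\x00")]),
    }
    for name, req in samples.items():
        print(f"{name:18s} {padata_types(req)!s:12s} {classify(req)}")
```

In practice you would feed the classifier each AS-REQ payload pulled from a capture and alert on `enc-timestamp-unarmored` for user principals, since those are the ones whose key strength is a password rather than a random key.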