On 1/8/19 8:35 PM, Russ Allbery wrote:
> Yes. A lot of higher education institutions that have used Kerberos for many, many years have their KDCs directly on the Internet and allow clients to authenticate from anywhere.
Oh. Good!
> PKINIT is just a replacement preauth mechanism, instead of enc-timestamp. Basically, the client uses an X.509 authentication instead of a proof of key possession as the preauthentication step to establish a shared session secret that is used to encrypt the TGT. (This may not be 100% accurate; it's been a while since I dug into the protocol.)
>
> FAST is a replacement for the whole preauth step. It uses some pre-existing shared session key between the KDC and the client to encrypt the whole preauthentication exchange. Inside of that, you can use various preauthentication mechanisms.
>
> Where they usefully combine is in how to get that pre-existing shared session key to be able to start using FAST. This is a chicken-and-egg problem with traditional Kerberos: you have to authenticate first in order to authenticate. You can, for instance, use the local host key (which is probably randomly generated and therefore safer to use in a direct exchange with the KDC) to get a session key to start FAST, and then do preauthentication with the (weaker) password-derived key.
>
> Anonymous PKINIT lets you out of that trap by letting the client "authenticate" with anonymous Diffie-Hellman to the KDC. This doesn't establish any meaningful identity, but it *does* get you a shared session key, and with that you can start FAST, and use it to protect any subsequent preauthentication exchange.
>
> Note that you can enable anonymous PKINIT even if you don't otherwise use PKINIT and don't have any client certificates. (You ideally do have a KDC certificate, though, that the clients know about.)
Thank you for the concise responses. I will do more reading on FAST, PKINIT, Anonymous PKINIT. But now I have a better idea how the pieces fit together.
Plus, CA thrown in for good measure. Isn't security fun and simple? - Whatever happened to the days of 3Rot13. ;-)
--
Grant. . . .
unix || die
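As an added illustration (not part of the original thread, and not configuration from either poster): the MIT krb5 configuration needed to enable anonymous PKINIT on a KDC and to let a client obtain a FAST armor ticket before it sends its password-derived preauthentication, as described in the quoted explanation above. The realm name, host name and file paths are placeholders I chose; the option names are the documented MIT Kerberos ones.

```ini
# kdc.conf (KDC side). The KDC needs its own certificate so that a client
# doing anonymous PKINIT can still verify it is talking to the real KDC;
# no client certificates are needed for anonymous PKINIT.
[realms]
    EXAMPLE.COM = {
        # KDC certificate and private key (placeholder paths). The
        # certificate must carry the PKINIT KDC extended key usage and a
        # KDC name subject alternative name for the realm.
        pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
        # CA(s) the KDC trusts; also what clients use to validate the KDC
        pkinit_anchors = FILE:/etc/krb5/cacert.pem
    }

# krb5.conf (client side). Only the CA certificate is required on the
# client: it is what lets the client reject a KDC presenting a
# certificate not chained to this anchor.
[libdefaults]
    default_realm = EXAMPLE.COM
    pkinit_anchors = FILE:/etc/krb5/cacert.pem

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
```

On the KDC, the anonymous principal must exist before anonymous requests are accepted (`kadmin.local -q "addprinc -randkey WELLKNOWN/ANONYMOUS"`). A client then runs `kinit -n -c FILE:/tmp/armor` to obtain an anonymous TGT over anonymous PKINIT, and `kinit -T FILE:/tmp/armor alice` to authenticate as `alice` with her password inside a FAST tunnel armored by that ticket. The anonymous ticket establishes no identity, exactly as the quoted text says; what makes the armor worth having is that the KDC certificate was validated against `pkinit_anchors`, so the password-derived preauth data is only ever sent to a KDC the client has already verified.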
Kerberos mailing list: Kerberos@mit.edu, https://mailman.mit.edu/mailman/listinfo/kerberos