|
Packit |
fd8b60 |
.. _enctypes:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Encryption types
|
|
Packit |
fd8b60 |
================
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Kerberos can use a variety of cipher algorithms to protect data. A
|
|
Packit |
fd8b60 |
Kerberos **encryption type** (also known as an **enctype**) is a
|
|
Packit |
fd8b60 |
specific combination of a cipher algorithm with an integrity algorithm
|
|
Packit |
fd8b60 |
to provide both confidentiality and integrity to data.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Enctypes in requests
|
|
Packit |
fd8b60 |
--------------------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Clients make two types of requests (KDC-REQ) to the KDC: AS-REQs and
|
|
Packit |
fd8b60 |
TGS-REQs. The client uses the AS-REQ to obtain initial tickets
|
|
Packit |
fd8b60 |
(typically a Ticket-Granting Ticket (TGT)), and uses the TGS-REQ to
|
|
Packit |
fd8b60 |
obtain service tickets.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The KDC uses three different keys when issuing a ticket to a client:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
* The long-term key of the service: the KDC uses this to encrypt the
|
|
Packit |
fd8b60 |
actual service ticket. The KDC only uses the first long-term key in
|
|
Packit |
fd8b60 |
the most recent kvno for this purpose.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
* The session key: the KDC randomly chooses this key and places one
|
|
Packit |
fd8b60 |
copy inside the ticket and the other copy inside the encrypted part
|
|
Packit |
fd8b60 |
of the reply.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
* The reply-encrypting key: the KDC uses this to encrypt the reply it
|
|
Packit |
fd8b60 |
sends to the client. For AS replies, this is a long-term key of the
|
|
Packit |
fd8b60 |
client principal. For TGS replies, this is either the session key of the
|
|
Packit |
fd8b60 |
authenticating ticket, or a subsession key.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Each of these keys is of a specific enctype.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Each request type allows the client to submit a list of enctypes that
|
|
Packit |
fd8b60 |
it is willing to accept. For the AS-REQ, this list affects both the
|
|
Packit |
fd8b60 |
session key selection and the reply-encrypting key selection. For the
|
|
Packit |
fd8b60 |
TGS-REQ, this list only affects the session key selection.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
.. _session_key_selection:
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Session key selection
|
|
Packit |
fd8b60 |
---------------------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The KDC chooses the session key enctype by taking the intersection of
|
|
Packit |
fd8b60 |
its **permitted_enctypes** list, the list of long-term keys for the
|
|
Packit |
fd8b60 |
most recent kvno of the service, and the client's requested list of
|
|
Packit |
fd8b60 |
enctypes.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Starting in krb5-1.11, it is possible to set a string attribute on a
|
|
Packit |
fd8b60 |
service principal to control what session key enctypes the KDC may
|
|
Packit |
fd8b60 |
issue for service tickets for that principal. See :ref:`set_string`
|
|
Packit |
fd8b60 |
in :ref:`kadmin(1)` for details.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Choosing enctypes for a service
|
|
Packit |
fd8b60 |
-------------------------------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Generally, a service should have a key of the strongest
|
|
Packit |
fd8b60 |
enctype that both it and the KDC support. If the KDC is running a
|
|
Packit |
fd8b60 |
release earlier than krb5-1.11, it is also useful to generate an
|
|
Packit |
fd8b60 |
additional key for each enctype that the service can support. The KDC
|
|
Packit |
fd8b60 |
will only use the first key in the list of long-term keys for encrypting
|
|
Packit |
fd8b60 |
the service ticket, but the additional long-term keys indicate the
|
|
Packit |
fd8b60 |
other enctypes that the service supports.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
As noted above, starting with release krb5-1.11, there are additional
|
|
Packit |
fd8b60 |
configuration settings that control session key enctype selection
|
|
Packit |
fd8b60 |
independently of the set of long-term keys that the KDC has stored for
|
|
Packit |
fd8b60 |
a service principal.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Configuration variables
|
|
Packit |
fd8b60 |
-----------------------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The following ``[libdefaults]`` settings in :ref:`krb5.conf(5)` will
|
|
Packit |
fd8b60 |
affect how enctypes are chosen.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**allow_weak_crypto**
|
|
Packit |
fd8b60 |
defaults to *false* starting with krb5-1.8. When *false*, removes
|
|
Packit |
fd8b60 |
weak enctypes from **permitted_enctypes**,
|
|
Packit |
fd8b60 |
**default_tkt_enctypes**, and **default_tgs_enctypes**. Do not
|
|
Packit |
fd8b60 |
set this to *true* unless the use of weak enctypes is an
|
|
Packit |
fd8b60 |
acceptable risk for your environment and the weak enctypes are
|
|
Packit |
fd8b60 |
required for backward compatibility.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**permitted_enctypes**
|
|
Packit |
fd8b60 |
controls the set of enctypes that a service will permit for
|
|
Packit |
fd8b60 |
session keys and for ticket and authenticator encryption. The KDC
|
|
Packit |
fd8b60 |
and other programs that access the Kerberos database will ignore
|
|
Packit |
fd8b60 |
keys of non-permitted enctypes. Starting in release 1.18, this
|
|
Packit |
fd8b60 |
setting also acts as the default for **default_tkt_enctypes** and
|
|
Packit |
fd8b60 |
**defaut_tgs_enctypes**.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**default_tkt_enctypes**
|
|
Packit |
fd8b60 |
controls the default set of enctypes that the Kerberos client
|
|
Packit |
fd8b60 |
library requests when making an AS-REQ. Do not set this unless
|
|
Packit |
fd8b60 |
required for specific backward compatibility purposes; stale
|
|
Packit |
fd8b60 |
values of this setting can prevent clients from taking advantage
|
|
Packit |
fd8b60 |
of new stronger enctypes when the libraries are upgraded.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**default_tgs_enctypes**
|
|
Packit |
fd8b60 |
controls the default set of enctypes that the Kerberos client
|
|
Packit |
fd8b60 |
library requests when making a TGS-REQ. Do not set this unless
|
|
Packit |
fd8b60 |
required for specific backward compatibility purposes; stale
|
|
Packit |
fd8b60 |
values of this setting can prevent clients from taking advantage
|
|
Packit |
fd8b60 |
of new stronger enctypes when the libraries are upgraded.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
The following per-realm setting in :ref:`kdc.conf(5)` affects the
|
|
Packit |
fd8b60 |
generation of long-term keys.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
**supported_enctypes**
|
|
Packit |
fd8b60 |
controls the default set of enctype-salttype pairs that :ref:`kadmind(8)`
|
|
Packit |
fd8b60 |
will use for generating long-term keys, either randomly or from
|
|
Packit |
fd8b60 |
passwords
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
Enctype compatibility
|
|
Packit |
fd8b60 |
---------------------
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
See :ref:`Encryption_types` for additional information about enctypes.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
========================== ===== ======== =======
|
|
Packit |
fd8b60 |
enctype weak? krb5 Windows
|
|
Packit |
fd8b60 |
========================== ===== ======== =======
|
|
Packit |
fd8b60 |
des-cbc-crc weak <1.18 >=2000
|
|
Packit |
fd8b60 |
des-cbc-md4 weak <1.18 ?
|
|
Packit |
fd8b60 |
des-cbc-md5 weak <1.18 >=2000
|
|
rpm-build |
affca0 |
des3-cbc-sha1 <1.18 none
|
|
Packit |
fd8b60 |
arcfour-hmac >=1.3 >=2000
|
|
Packit |
fd8b60 |
arcfour-hmac-exp weak >=1.3 >=2000
|
|
Packit |
fd8b60 |
aes128-cts-hmac-sha1-96 >=1.3 >=Vista
|
|
Packit |
fd8b60 |
aes256-cts-hmac-sha1-96 >=1.3 >=Vista
|
|
Packit |
fd8b60 |
aes128-cts-hmac-sha256-128 >=1.15 none
|
|
Packit |
fd8b60 |
aes256-cts-hmac-sha384-192 >=1.15 none
|
|
Packit |
fd8b60 |
camellia128-cts-cmac >=1.9 none
|
|
Packit |
fd8b60 |
camellia256-cts-cmac >=1.9 none
|
|
Packit |
fd8b60 |
========================== ===== ======== =======
|
|
Packit |
fd8b60 |
|
|
rpm-build |
affca0 |
krb5 releases 1.8 and later disable the single-DES enctypes by
|
|
rpm-build |
affca0 |
default. Microsoft Windows releases Windows 7 and later disable
|
|
rpm-build |
affca0 |
single-DES enctypes by default.
|
|
rpm-build |
affca0 |
|
|
rpm-build |
affca0 |
krb5 releases 1.18 and later remove single-DES and 3DES
|
|
rpm-build |
affca0 |
(downstream-only patch) enctype support. Microsoft Windows never
|
|
rpm-build |
affca0 |
supported 3DES.
|