Kerberos in an ISP environment UNIX/Win2K/Cisco > Nicolas FISCHBACH nico@securite.org - http://www.securite.org/nico/ > Sébastien LACOSTE-SERIS kaneda@securite.org - http://www.securite.org/kaneda/ version 1.13
Agenda Kerberos > Introduction: why did we choose Kerberos? > Protocol and exchanges > MIT Kerberos and applications > Attacks Deployment > UNIX > Cisco routers and switches > Win2K Q&A © 2001 Sécurité.Org
What is Kerberos? Kerberos is a network authentication protocol and system. Uses time synchronization to: > limit the lifetime of tickets and session keys > detect replay attacks (each authenticator carries a timestamp that the server checks against its own clock and a replay cache) Mutual authentication (the server can prove its identity to the client as well) Uses DES and shared (symmetric) keys Trusted third party (the KDC)
What is Kerberos not? Kerberos provides authentication only, not authorization: it tells a service who the client is, while what that client may do is left to the service (e.g. ~/.k5login, local ACLs). Kerberos does not encrypt application data by itself; it hands both sides a session key that a kerberized application may use for that (as kerberized telnet does with DES).
Why use Kerberos? Secure authentication (cryptography) No password transmission: the password never leaves the client, which only proves that it can decrypt the KDC's reply Single Sign On > SSO is bad for security (Bruce Schneier) Centralized authentication management IETF Standard (RFC 1510)
Kerberos vocabulary (1) KDC: Key Distribution Center. Holds a database of clients and servers (called principals) and their long-term secret keys. principal: a three-tuple <primary name, instance, realm>, written primary/instance@REALM > user: login/staff@REALM > service: service/host.fqdn@REALM primary: username or service name instance: qualifies the primary (a role for a user, the host for a service); it may be absent realm: authentication domain
Kerberos vocabulary (2) keytab: file containing one or more long-term keys (for hosts or services). Also known as SRVTAB (the Kerberos IV name, still used by Cisco). client: an entity that can obtain a ticket (user or host) service: host, ftp, krbtgt, pop, etc. ticket: credentials asserting the identity of a client to one particular service, sealed with that service's key so that only the service (and the KDC) can read it TGT: ticket for the krbtgt service, issued by the AS. Allows the client to obtain further tickets in the same realm without typing the password again.
Key Distribution Center Responsible for maintaining the long-term keys of all principals and for issuing Kerberos tickets. The Authentication Service (AS) gives the client a session key and a Ticket Granting Ticket (TGT). The Ticket Granting Service (TGS) distributes service session keys and the ticket for each service, in exchange for the TGT.
Kerberos Protocol (1) Kerberos Ticket, fields as drawn on the slide: > Domain (realm) > Principal Name > Ticket Flags > Encryption Key (the session key) > Start Time > End Time > Host Address > Authorization Data The server's realm and name travel in clear so that the recipient knows which key to use; everything else is the encrypted part, sealed with the server's long-term key (RFC 1510 EncTicketPart).
Kerberos Protocol (2) Kerberos Ticket Exchanges Ports: KDC (kinit, AS and TGS exchanges): 88/udp kpasswd (Unix, kadmin protocol): 749/tcp kpasswd (Win2K): 464/{tcp,udp} Figure: User, Key Distribution Center (Authentication Service + Ticket Granting Service) and Network Service.
Kerberos Protocol (3) Getting a Ticket Granting Ticket (1+2) > (1) TGT Request (AS-REQ): the client principal name, sent in clear > (2) TGT (AS-REP): the TGT, sealed with the krbtgt key, plus a TGS session key sealed with a key derived from the user's password (string2key); only someone who knows the password can read that session key Figure: Client -> KDC (1), KDC -> Client (2)
Kerberos Protocol (4) Getting and using a Service Ticket (3+4+5) > (3) ST Request (TGS-REQ): the TGT plus an authenticator (client name and timestamp) encrypted with the TGS session key > (4) ST and session key (TGS-REP): the ST, sealed with the server's key, and a new session key, sealed with the TGS session key > (5) ST for authentication (AP-REQ): the ST plus an authenticator under the new session key; the server opens the ST with its keytab key and needs no contact with the KDC Figure: Client -> KDC (3), KDC -> Client (4), Client -> Server (5)
Kerberos Protocol (5) Kerberos delegation: the client forwards its TGT (a forwardable TGT with its session key) to the first server together with the ST; that server can then request a ST for a second server in the client's name. Figure: Client -> Server (TGT + ST), Server -> KDC (ST Request), KDC -> Server (ST and SK), Server -> second Server (ST)
Realms A realm is an authentication domain > one Kerberos database and a set of KDCs Hierarchical organization (new in v5) One- or two-way trust between realms Cross-realm authentication > transitive, through intermediate realms along the hierarchy > direct, with a key shared between the two realms
Kerberos Protocol (6) Authentication across realms: the client gets a TGT from its own KDC, uses it to request a cross-realm TGT (krbtgt/REMOTE@LOCAL) from the same KDC, presents that to the remote KDC to obtain a ST, and authenticates to the server in the remote realm. Figure: Client -> local KDC (TGT Request, TGT, then ST Request, ST and SK), Client -> remote KDC (ST Request, ST and SK), Client -> Server (ST)
MIT distribution Version used: 5.1 (krb5-1.x) Provides client and server Supported platforms: UNIXes (xBSD, Linux, Solaris, AIX, HP-UX, OSF/1, ...), Mac OS X DNS can be used for lookups (SRV records to locate the KDCs, TXT records to map hosts to realms)
Kerberized applications telnet (with DES encryption) and the r-commands (rlogin, rsh, rcp) CVS and ksu, klogin, k* SSH 1.2 supports Kerberos V (run at least version 1.2.30) SSL v3.0 Cygnus Kerbnet (NT, Mac, Unix) Samba doesn't (Win2K adds Microsoft-specific extensions to the protocol)
How to Kerberize an application All applications can be adapted: > use the GSS-API (the portable choice; it interoperates with Win2K's SSPI Kerberos provider) > or transport the ticket (the AP-REQ) inside the application protocol with the krb5 API directly
NAT issues The client's host address can be included in the tickets, and servers compare it with the peer address: a client behind NAT is then rejected. Need to put the NATed (public) address in the ticket; the talk used a patch for MIT Kerberos 5.1. Tickets without addresses (MIT's noaddresses option) avoid the problem, at the cost of that check.
Attacks against Kerberos (1) KDC/AS spoofing: a login program that only checks whether the AS reply decrypts with the typed password is fooled by a fake KDC answering with a reply sealed under the attacker's own password (http://www.monkey.org/~dugsong/kdcspoof.tar.gz). Fix: give the host a keytab, register a host/ principal for the service and verify a service ticket for it before granting access. Replay attacks: detected (client and server are time synchronized; authenticator timestamps plus a replay cache). Exposed keys: keys have a limited lifetime but are multi-session keys, so a leaked session key is usable until the ticket expires. Temporary file vulnerability: run krb5-1.2.1 or later.
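A toy model of the exchanges of the "Kerberos Protocol" slides (3), (4) and (5) and of two items on this slide, the KDC spoofing attack with its keytab fix and replay detection. It is an added example, not code from the talk or from MIT Kerberos: HMAC-SHA256 stands in for the DES of the real protocol, a salted hash stands in for string2key, and the realm COLT.CH, the user nico and the host principal host/sw1.colt.ch are names taken from the slides or made up. The KDC only issues tickets, the service checks them with its own key and a replay cache, and the spoofed KDC is simply a KDC with a different key database.

```python
# Toy model of the exchanges on the 'Kerberos Protocol' slides (3)-(5) and of the KDC spoofing and
# replay items of this slide. Added example, not the talk's code: HMAC-SHA256 stands in for DES, a
# salted hash for string2key; the realm, the user and the host principal are made-up names.
import hashlib, hmac, json, os

def string2key(password, principal):
    return hashlib.sha256(principal.encode() + password.encode()).digest()  # stand-in KDF
def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def encrypt(key, msg):
    # Toy authenticated encryption of a JSON message: nonce || ciphertext || tag.
    pt, nonce = json.dumps(msg).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check(ticket_key, ticket, authenticator, now, seen, skew=300):
    # TGS and application server alike: open the ticket with OUR key, open the authenticator
    # with the session key inside it, then check lifetime, clock skew (300 s is MIT's default)
    # and the replay cache.  Returns (client principal, session key).
    t = decrypt(ticket_key, ticket)
    a = decrypt(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or not t["start"] <= now <= t["end"]:
        raise PermissionError("ticket expired or does not match authenticator")
    if abs(a["time"] - now) > skew:
        raise PermissionError("clock skew too great")
    if (a["client"], a["time"]) in seen:
        raise PermissionError("replay detected")
    seen.add((a["client"], a["time"]))
    return t["client"], bytes.fromhex(t["key"])

class KDC:  # AS and TGS over one principal database {principal: long-term key}
    def __init__(self, realm, keys, lifetime=8 * 3600):
        self.realm, self.keys, self.lifetime, self.seen = realm, keys, lifetime, set()
    def _ticket(self, client, service, now):
        session = os.urandom(16).hex()
        body = {"client": client, "key": session, "start": now, "end": now + self.lifetime}
        return encrypt(self.keys[service], body), session
    def as_exchange(self, client, now):
        # (1)+(2): TGT sealed with the krbtgt key, reply sealed with the user's key.
        tgt, session = self._ticket(client, "krbtgt/" + self.realm, now)
        return tgt, encrypt(self.keys[client], {"tgs_key": session})
    def tgs_exchange(self, tgt, authenticator, service, now):
        # (3)+(4): validate TGT and authenticator, issue an ST sealed with the service's key.
        client, tgs_key = check(self.keys["krbtgt/" + self.realm], tgt, authenticator, now, self.seen)
        st, session = self._ticket(client, service, now)
        return st, encrypt(tgs_key, {"service_key": session})

class Service:  # kerberized server: knows only its own keytab key, keeps a replay cache
    def __init__(self, principal, key):
        self.principal, self.key, self.seen = principal, key, set()
    def accept(self, st, authenticator, now):
        # (5): a ticket that opens with our keytab key can only have come from the real KDC.
        return check(self.key, st, authenticator, now, self.seen)[0]

def get_service_ticket(kdc, user, password, service, now):
    # Client side of steps (1)-(4); returns the ST and its session key.
    tgt, reply = kdc.as_exchange(user, now)
    tgs_key = bytes.fromhex(decrypt(string2key(password, user), reply)["tgs_key"])
    st, rep = kdc.tgs_exchange(tgt, encrypt(tgs_key, {"client": user, "time": now}), service, now)
    return st, bytes.fromhex(decrypt(tgs_key, rep)["service_key"])
def login(kdc, user, password, now, service=None):
    # service=None: 'the AS reply decrypts, so the password is right'; a fake KDC that knows the
    # password the attacker will type passes this (kdcspoof).  With a service: also fetch a ticket
    # for our own host/ principal and verify it with the keytab key, which a fake KDC cannot forge.
    try:
        if service is None:
            return bool(decrypt(string2key(password, user), kdc.as_exchange(user, now)[1]))
        st, key = get_service_ticket(kdc, user, password, service.principal, now)
        return service.accept(st, encrypt(key, {"client": user, "time": now}), now) == user
    except (ValueError, PermissionError):
        return False
def replay_detected(kdc, user, password, service, now):
    # The same AP-REQ presented twice: the second copy hits the server's replay cache.
    st, key = get_service_ticket(kdc, user, password, service.principal, now)
    auth = encrypt(key, {"client": user, "time": now})
    service.accept(st, auth, now)
    try:
        service.accept(st, auth, now + 1)
        return False
    except PermissionError:
        return True

def demo(now=1_000_000_000):
    host_key = os.urandom(32)
    real = KDC("COLT.CH", {"nico": string2key("correct horse", "nico"),
                           "krbtgt/COLT.CH": os.urandom(32), "host/sw1.colt.ch": host_key})
    sw1 = Service("host/sw1.colt.ch", host_key)
    # Attacker's KDC (kdcspoof): knows the attacker's password but not sw1's keytab key.
    fake = KDC("COLT.CH", {**{p: os.urandom(32) for p in real.keys}, "nico": string2key("attacker", "nico")})
    return {"real_ok": login(real, "nico", "correct horse", now, sw1),
            "spoof_fools_weak": login(fake, "nico", "attacker", now),
            "spoof_beats_strong": login(fake, "nico", "attacker", now, sw1),
            "replay_detected": replay_detected(real, "nico", "correct horse", sw1, now + 10)}

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the two outcomes the slide is about: the password-only check accepts the spoofed KDC's reply, while the keytab check fails on it because the fake KDC cannot seal a ticket for host/sw1.colt.ch; and a second presentation of the same AP-REQ is refused by the replay cache, which only stays bounded because the clock skew check limits how old an authenticator may be.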
Attacks against Kerberos (2) Password guessing: the AS reply is sealed with a password-derived key, so a captured reply can be attacked offline; use a good passphrase (pre-authentication stops an attacker from simply requesting replies for any user). Trojaned clients: OTP (a one-time password captured on a trojaned workstation is worthless afterwards). Implicit trust between realms: a trusted realm's KDC vouches for its users, so its compromise is also yours. Ticket forwarding: a TGT forwarded to a compromised server can be reused by whoever controls it. Others: KDC compromise, shared workstations (credential caches left behind), ...
*NIX clients Red Hat (6.2 and 7) provides Kerberos V support > Install patch RHSA-2001:025-14 Solaris/OpenBSD only provide Kerberos IV
Kerberos V on *NIX clients (1) Authentication managed by the Kerberos API Authorization defined in per-user files: ~/.k5login - lists the principal(s) allowed to log in to that account, one per line; without the file only login@DEFAULT_REALM maps to the local account login ~/.k5users - defines which commands a principal may run via ksu (sudo-like) PAM alternatives (pam_krb5)
Kerberos V on *NIX clients (2) Kerberized Telnet: available Kerberized SSH: > SSH.Com's SSH 1.2.x and 2.x support Kerberos V > OpenSSH (as of 2.5.1) doesn't yet support Kerberos V; patches: http://www.sxw.org.uk/computing/patches/
Kerberos V on Cisco equipment (1) Cisco Routers > Kerberized Telnet > Password authentication using Kerberos (telnet, SSH and console) > Can map the instance of the principal to a Cisco privilege level (locally defined) Cisco Switches > Telnet only (SSH available as of CatOS 6.1, but without Kerberos support)
Kerberos V on Cisco equipment (2) IOS & memory issues on routers: > Feature name: Kerberos V client support > Needed feature set: at least Enterprise > Not supported on all hardware, for example: - Cisco 16xx routers - Cisco GSR (12xxx, Gigabit Switch Router) > Memory requirements: Hint: always check with the Cisco IOS Feature Navigator
Kerberos V on Cisco equipment (3) Router Configuration:
  ! kerberized telnet first, local user database as fallback
  aaa authentication login default krb5-telnet local
  ! EXEC privilege level taken from the instance of the authenticated principal
  aaa authorization exec default krb5-instance
  kerberos local-realm COLT.CH
  ! the router's own key (host principal), pasted from the srvtab/keytab created on the KDC
  kerberos srvtab entry host/bgp1.colt.ch@COLT.CH ...
  kerberos server COLT.CH 192.168.0.14
  ! user/engineering@COLT.CH gets level 15, user/support@COLT.CH gets level 3
  kerberos instance map engineering 15
  kerberos instance map support 3
  ! forward the user's TGT when telnetting on from the router
  kerberos credentials forward
  line vty 0 4
  ! the clock must stay within the KDC's skew window or every ticket is rejected
  ntp server 192.168.0.126
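The following is an added worked example, not code from the talk, from MIT krb5 or from Cisco IOS. It parses the principal three-tuple of the vocabulary slide with MIT's backslash escaping, models the ~/.k5login decision of the "*NIX clients" slide, and models the instance-to-privilege mapping of the router configuration above. The realm COLT.CH and the two instance map lines come from the slides; the user names are made up; the rule that an unmapped (or missing) instance yields privilege level 1, and the rule that a .k5login not owned by the user or root is ignored, are this model's assumptions about the real implementations.

```python
# Added example, not code from the talk, MIT krb5 or Cisco IOS: a principal parser with MIT's
# backslash escaping, a model of the ~/.k5login rule from the '*NIX clients' slide and a model
# of the 'kerberos instance map' lines above.  COLT.CH is the slide's realm; users are made up.
from dataclasses import dataclass
from typing import Optional

_UNESCAPE = {"n": "\n", "t": "\t", "b": "\b", "0": "\0"}  # MIT escapes besides \/ \@ \\

def _escape(s):
    return "".join("\\" + c if c in "/@\\" else c for c in s)

@dataclass(frozen=True)
class Principal:
    primary: str
    instance: Optional[str]
    realm: str

    def __str__(self):
        # Re-escapes the separators, so str(parse_principal(x, r)) == x for names without control chars.
        inst = "" if self.instance is None else "/" + _escape(self.instance)
        return _escape(self.primary) + inst + "@" + _escape(self.realm)

def parse_principal(text, default_realm):
    """Split 'primary[/instance][@REALM]' honouring backslash escapes, like krb5_parse_name.
    A missing realm is filled in with default_realm (pass None to require one).  The model
    keeps the slide's <primary, instance, realm> tuple; MIT itself allows more components."""
    comps, cur, in_realm, i = [], [], False, 0
    while i < len(text):
        c = text[i]
        if c == "\\":                    # escaped character, never a separator
            i += 1
            if i == len(text):
                raise ValueError("dangling backslash in %r" % text)
            cur.append(_UNESCAPE.get(text[i], text[i]))
        elif c == "/" and not in_realm:  # component separator
            comps.append("".join(cur)); cur = []
        elif c == "@":                   # realm separator, allowed once
            if in_realm:
                raise ValueError("second unescaped '@' in %r" % text)
            comps.append("".join(cur)); cur = []; in_realm = True
        else:
            cur.append(c)
        i += 1
    comps.append("".join(cur))
    realm = comps.pop() if in_realm else default_realm
    if not realm or not comps[0] or len(comps) > 2:
        raise ValueError("malformed principal %r" % text)
    return Principal(comps[0], comps[1] if len(comps) == 2 else None, realm)

def k5login_permits(principal, localuser, local_uid, default_realm, k5login=None):
    """Model of the ~/.k5login decision.  k5login is None when the file does not exist,
    otherwise a constructed stand-in for it, {"uid": owner, "lines": [...]}; the real
    check stats the file, this model only reproduces the decision (assumed rules)."""
    if k5login is None:
        # No file: the default name mapping lets only localuser@DEFAULT_REALM in.
        return principal == Principal(localuser, None, default_realm)
    if k5login["uid"] not in (local_uid, 0):
        return False  # file not owned by the user or root: ignored, login denied
    for line in k5login["lines"]:
        try:  # entries must spell the realm; a line that does not parse never matches
            if parse_principal(line.strip(), None) == principal:
                return True
        except ValueError:
            continue
    return False

def cisco_privilege(principal, instance_map, default=1):
    """Model of 'aaa authorization exec default krb5-instance' plus the 'kerberos instance
    map <instance> <level>' lines: the authenticated principal's instance selects the EXEC
    privilege level.  Assumed here: an unmapped or missing instance gives the default level 1."""
    return instance_map.get(principal.instance, default)

INSTANCE_MAP = {"engineering": 15, "support": 3}  # the two instance map lines of the slide

def demo(realm="COLT.CH"):
    nico = parse_principal("nico/engineering", realm)         # realm defaulted
    odd = parse_principal(r"odd\@name/x\/y@COLT.CH", realm)  # escaped separators
    k5login = {"uid": 1000, "lines": ["nico/engineering@COLT.CH", "kaneda@COLT.CH"]}
    return {"nico": (nico.primary, nico.instance, nico.realm),
            "odd_primary": odd.primary,
            "odd_roundtrip": str(odd) == r"odd\@name/x\/y@COLT.CH",
            "priv_engineering": cisco_privilege(nico, INSTANCE_MAP),
            "priv_unmapped": cisco_privilege(parse_principal("nico", realm), INSTANCE_MAP),
            "k5login_listed": k5login_permits(nico, "nico", 1000, realm, k5login),
            "k5login_bad_owner": k5login_permits(nico, "nico", 1000, realm, {**k5login, "uid": 1001}),
            "nofile_same_name": k5login_permits(parse_principal("nico", realm), "nico", 1000, realm),
            "nofile_instance": k5login_permits(nico, "nico", 1000, realm),
            "nofile_other_realm": k5login_permits(parse_principal("nico@EVIL.ORG", realm), "nico", 1000, realm)}

if __name__ == "__main__":
    print(demo())
```

The escaping matters for both checks: a name such as odd\@name is one primary, not a principal in realm name, so a .k5login entry or an instance map is never matched by a string that merely looks alike. Without a .k5login, nico/engineering@COLT.CH cannot log in as nico, and nico@EVIL.ORG never can; with the file, only the exact principals listed are accepted, and only if the file belongs to the user.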
Kerberos V on Cisco equipment (4) CatOS & memory issues on switches: > At least Supervisor Engine Software Release 5.x > Only supported on Catalyst 4000, 5000 and 6000/6500 > Only supported on SE I (not SE II) on Cat6K > Memory requirements: Hint: always check the Release Notes
Kerberos V on Cisco equipment (5) Switch Configuration:
  #kerberos
  set kerberos local-realm COLT.CH
  set kerberos clients mandatory
  set kerberos credentials forward
  set kerberos server COLT.CH 192.168.0.82 88
  set kerberos srvtab entry host/sw1.colt.ch@COLT.CH ...
  #authentication
  set authentication login kerberos enable telnet primary
  set authentication enable kerberos enable telnet primary
  #ntp
  set ntp client enable
  set ntp server 192.168.0.11
"clients mandatory" makes Kerberos authentication mandatory for telnet clients rather than optional; the two authentication lines make Kerberos the primary method for both login and enable over telnet; the srvtab entry is the switch's own key from the KDC, and the NTP client keeps the clock inside the KDC's skew window.
Kerberos V on Win2K stations (1) Provides Kerberos authentication for interactive logons. The protocol is implemented as a Security Support Provider under the SSPI (Security Support Provider Interface) and is tied to the LSA (Local Security Authority). The ticket cache is kept by the LSA (in memory, not in a file). Telnetd supports Kerberos.
Kerberos V on Win2K stations (2) Support Tools Win2K station configuration (ksetup, from the Support Tools):
  ksetup /setdomain COLT.CH                (the workstation's realm is the MIT realm, not an AD domain)
  ksetup /addkdc COLT.CH kdc.colt.ch       (where to find the KDC for that realm)
  ksetup /setmachpassword password         (password of the workstation's host principal, the same as on the KDC)
  ksetup /mapuser user@COLT.CH localuser   (map one Kerberos principal to a local account)
  ksetup /mapuser * *                      (map every principal to the local account of the same name)
Windows Time Server (+ registry settings) to keep the clock synchronized with the KDC
No kerberized SSH, only a few (broken) telnet clients
That's all folks :-) Latest version, goodies and additional information < http://www.securite.org/presentations/krb5/ > Q&A Picture: http://www.inforamp.net/~dredge/funkycomputercrowd.html