Jeffrey Hutzelman <jh...@cmu.edu> writes:
> ext_keytab is poorly-named. In MIT Kerberos, it doesn't actually extract
> anything; it generates a new key with a new kvno and stores it in both
> the keytab and the kdb. MIT kadmind, going back as far as krb4, didn't
> even have an operation to fetch existing keys from the database; that
> was considered an exceptionally dangerous ability and not really
> Heimdal initially took a different approach, which is still what
> ext_keytab does by default, for backward compatibility and to avoid
> unpleasantly-surprising results. With -r, it randomizes the key instead,
> which is safer. Note that ext_keytab without -r will not work if you
> don't have the get-keys privilege.
> I have patches going back as far as Heimdal 0.6 which make get-keys a
> separate privilege not included in 'all'. I didn't write the change that
> eventually made it into Heimdal, but I certainly agree with it.
+1. I was one of the people who asked for this. Extracting the key
without changing it opens some nasty attack paths where an attacker can
silently get a copy of the key currently in use and use that to snoop on
traffic and forge sessions.
If the attacker has to invalidate the old key in order to download new
keys, the detection story is much better and the attacker is a bit more
limited in what they can immediately do.
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>