On 4/27/2015 11:40 AM, Benjamin Kaduk wrote: > I am framing it as a choice between supporting OS X variants which do not > support DES keys at all (in krb5), and supporting old OSX variants which > do support DES session keys but have no functional programmatic way to > enable the use of weak crypto. You are free to reject my framing of the > question, but please provide an alternate one in its stead.
The rxkad-kdf changes for aklog removes the restriction on the use of DES session keys but it still permits them to be used if the Kerberos KDCs and the relevant service principals are still configured to issue DES session keys in preference to others. What you are proposing is that a new version of aklog disable the ability to make use of DES session keys even though the session key being DES has nothing to do with the brute force attack against the long term secret of the service principal. The side effect is that a user of OpenAFS on a platform which has worked for years will stop working if they install an updated OpenAFS client version. This is a new class of self imposed breakage. There are many issues with the OSX Kerberos stack since the transition from MIT to Heimdal because the public krb5 interface was frozen using the MIT APIs and none of the new Heimdal APIs are available. This is why when Your File System, Inc. builds OpenAFS installation packages we build them against a private Heimdal build that is shipped as part of the dmg. The OSX Yosemite installer available from https://www.your-file-system.com/openafs-client-installer/download-openafs does support DES session key even if the Apple provided Kerberos does not. If we are going to detect and block the use of DES keys the correct place to do that in my opinion is on the servers. Simply do not permit the use of weak enctypes for the server keys. There is no reason to break the clients. What I will say though is that the sites that are upgrading their OpenAFS servers and have yet to get off DES keys are not failing to do so because of lack of desire. Often its because the Kerberos servers are not under the same organizational control or because there are other operational issues preventing an easy upgrade of the KDCs. The sites that are never upgrading their OpenAFS server code aren't going to care and will never be affected. Breaking their end users will simply cause the end users to stop using /afs. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
