[OpenAFS] OpenAFS and single DES
Benjamin Kaduk
kaduk@MIT.EDU
Tue, 18 Dec 2012 16:23:14 -0500 (EST)

Replying to a rather old mail to note new developments...

On Fri, 5 Oct 2012, Benjamin Kaduk wrote:
> On Fri, 5 Oct 2012, Booker Bense wrote:
>
>> On Fri, Oct 5, 2012 at 11:23 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>
>>>
>>> You can limit your exposure by having the afs/cell@realm principal be the
>>> only principal in the database with a single DES key. The
>>> default_enctypes
>>> do not need to include single-DES, and you can safely make both user
>>> principals and krbtgt/realm have no weak keys, the weak crypto will only
>>> be
>>> used to obtain an afs service ticket (and the corresponding token).
>>
>> Are you absolutely sure this is true? I have vague recollections that you
>> need single DES keys on the krbtgt key to get single DES tickets. But
>> it's late and I haven't had lunch yet so I may be misremembering.
>
> I am not 100% sure, no. I am actually working on a document with a procedure
> for upgrading away from single-DES, and will test it in practice during the
> course of that work. (I will send a link when it is finished.) The main

The MIT krb5-1.11 release (announced yesterday) includes a document about
how to remove or mostly remove single-DES from the realm:
http://web.mit.edu/kerberos/krb5-1.11/doc/admin/advanced/retiring-des.html
There's also a document detailing the types of keys involved in a request
and how their enctypes are selected:
http://web.mit.edu/kerberos/krb5-1.11/doc/admin/enctypes.html
The second page also documents two new features relevant to this
discussion: a way to disable the formerly-implicit assumption that all
principals support des-cbc-crc, as well as a per-principal attribute to
control which enctypes are permissible for session keys in service tickets
for that principal. These features can be used to limit single-DES keys
to just the few legacy services such as AFS which require them.
-Ben Kaduk
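An added illustration, not part of the message above nor taken from the krb5 documentation it links, of how the two krb5-1.11 features it mentions would be applied so that only the AFS service principal ever receives a single-DES session key; the realm, principal and file names are placeholders, and the option and attribute names reflect my reading of the 1.11 interface (des_crc_session_supported in kdc.conf, the session_enctypes string attribute set via kadmin) rather than anything quoted on this page:

```ini
# kdc.conf, [realms] section (placeholder realm EXAMPLE.COM).
# Turns off the KDC's former assumption that every service principal
# can take a des-cbc-crc session key; from here on a principal only
# gets a DES session key if it is explicitly allowed one below.
[realms]
    EXAMPLE.COM = {
        des_crc_session_supported = false
    }

# Per-principal session-key policy, set once with kadmin (string
# attribute; the KDC intersects it with its own permitted list):
#   kadmin.local -q "setstr afs/example.com@EXAMPLE.COM session_enctypes des-cbc-crc"
#
# Everything else keeps strong long-term keys only, e.g. the TGS key:
#   kadmin.local -q "cpw -e aes256-cts:normal,aes128-cts:normal krbtgt/EXAMPLE.COM"
#
# Check after kinit + aklog that only the afs/ ticket shows a DES
# session key, and the krbtgt ticket does not:
#   klist -e
```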