[OpenAFS] OpenAFS and single DES

Benjamin Kaduk kaduk@MIT.EDU
Thu, 11 Oct 2012 15:10:45 -0400 (EDT)

Sorry for the delay; I forgot this was in my 'drafts' folder, still.

On Mon, 8 Oct 2012, Booker Bense wrote:

> On Mon, Oct 8, 2012 at 10:05 AM, Jim Green <jfgreen@msu.edu> wrote:
>> Thanks for the responses, this is very helpful. One question:  are you
>> saying that if our existing user principals have both AES and DES encrypted
>> keys that it is possible to remove the DES keys without having to force all
>> our users to change their passwords (e.g. with kdb_util dump/load)?  It
>> seems to me I've read conflicting opinions on that.
> You can definitely remove the keys with a Heimdal kdc. It's one of the
> kadmin commands.
> It's not so clear to me how to do that with an MIT kdc.

I believe that MIT does not expose a way to alter the keylist of a given 
kvno, that is, delete just one enctype.
Furthermore, the KDC configuration to disable certain enctypes is global, 
so if you need to allow AFS to use single-DES keys, other services can as 

>> When MSU rolled out Kerberos 5 in 2005 we did force everyone to change their
>> passwords and my understanding is they all got triple-DES and AES keys in
>> addition to DES at that time and going forward.
> Well, that's definitely step 1 in the process and probably the most
> user visible source of pain.

Yup, if all users have AES keys that's a big help.
With the KDC configuration constraints mentioned above, you need to remove 
single-DES keys from service principals (that is, 'k5srvutil change' on 
the keytab while the KDC is not generating single-DES keys by default) in 
order to guarantee that single-DES is not used for them.  Once they have 
an AES key at all, it *should* get used most of the time, but to 
explicitly prevent single-DES from being used, there needs to not be a 
single-DES service principal key available to encrypt the ticket with.

-Ben Kaduk
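An added check for the situation Ben describes, not part of this thread: a shell helper that scans `klist -ekt` output for service principal keys with single-DES enctypes, which is what needs to be gone from the keytab before single-DES tickets are guaranteed not to be issued. The keytab listing below is constructed sample text, and the principal names, kvnos and timestamps in it are placeholders.

```shell
#!/bin/sh
# Added example (not from the OpenAFS thread): flag single-DES keys in a keytab
# listing so they can be removed with 'k5srvutil change' once the KDC no longer
# generates single-DES keys by default.

# Constructed sample of 'klist -ekt /etc/krb5.keytab' output in MIT format;
# principals, kvnos and timestamps are placeholders.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 10/11/2012 15:10:45 afs/example.com@EXAMPLE.COM (des-cbc-crc)
   4 10/11/2012 15:10:45 afs/example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   4 10/11/2012 15:10:45 afs/example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 10/11/2012 15:10:45 host/fs1.example.com@EXAMPLE.COM (des-cbc-md5)
   2 10/11/2012 15:10:45 host/fs1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)'

# Print "kvno principal enctype" for every single-DES key (des-cbc-crc,
# des-cbc-md5, des-cbc-md4) found in the listing passed as $1.
list_single_des_keys() {
    printf '%s\n' "$1" | awk '
        /\(des-cbc-(crc|md5|md4)\)$/ {
            etype = $NF
            gsub(/[()]/, "", etype)
            print $1, $(NF-1), etype
        }'
}

# Count single-DES keys. Any non-zero count means the KDC can still encrypt a
# service ticket for that principal with single-DES, whatever it prefers.
count_single_des_keys() {
    list_single_des_keys "$1" | wc -l | tr -d ' '
}

# Against a live keytab (needs MIT klist), for reference:
#   count_single_des_keys "$(klist -ekt /etc/krb5.keytab)"
```

A count of zero for every service principal is the condition the message describes: no single-DES key left for the KDC to encrypt the ticket with.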