[OpenAFS] "public" pkinit service without database-overflow risk?

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 03 Jan 2006 22:36:24 -0500

On Tuesday, January 03, 2006 05:15:17 PM -0800 Adam Megacz 
<megacz@cs.berkeley.edu> wrote:

> "Douglas E. Engert" <deengert@anl.gov> writes:
>> And this is where PKINIT may play a much bigger roll. The "cross trust"
>> is done at the PKI level, and certificates are enrolled in the local
>> realm as needed.
> Is it feasible for a PKINIT-aware KDC to issue session keys to
> KRB_NT_X500_PRINCIPAL's without having to retain any record of the
> transaction (ie not keeping a copy of the certificate or session key)?
> I'm not aware of any existing KDC implementations that will issue
> tickets to an entity that isn't already in the database -- or for
> which there is not already an explicit "mapping" entry of some sort.
> The pkinit patch for Heimdal requires a "pki-allowed-principals"
> explicit mapping section in the KDC config.
> In theory this should be possible, although to prevent denial of
> service attacks, it would have to be done as I mention in the first
> paragraph -- it would have to be "stateless".
> From RFC4120 and the PKINIT draft 16 I don't immediately see any
> problems with this.  Could somebody with more knowledge of Kerberos
> than I comment on potential obstacles to this?

For starters, you should look at more recent versions of PKINIT than that.
The current version is draft-ietf-cat-kerberos-pk-init-31.txt, available 
from your favorite I-D repository mirror.

There is nothing which would prevent a KDC from issuing tickets to a client 
based solely on the certificate it presents, without any prior record of 
the client's existence.  However, that's not the same as issuing a ticket 
for any random cert presented by a client -- the KDC would have to be able 
to validate the certificate based on some existing trust anchor.

Note that KDC's are already stateless.  Every KDC implementation I know of 
logs the requests it handles for debugging and auditing purposes, but none 
actually maintain any "state" other than a short-term replay cache.

-- Jeff