[OpenAFS] Re: Heimdal KDC bug mentioned in rekeying document

[Benjamin Kaduk]

On Thu, 25 Jul 2013, Sergio Gelato wrote:

> I've been poking a bit into this. First of all, let's make sure I don't
> misunderstand your expectation here: do you want the KDC to be willing to
> issue a ticket with a des-cbc-crc session key (as requested by old aklog)
> even though the afs service principal does not have that enctype? Or are
> we Heimdal users expected to add that enctype to afs/cell whenever we
> rekey? The latter works with the Heimdal KDCs I've tried (the pre-1.4.0
> from Debian squeeze and the pre-1.6 from Debian wheezy), the former doesn't.

If the KDC is in a state where it must choose a session key enctype in the 
intersection of the service principal's keys and the client's list, then 
the latter should always work.  The DES key for the afs/cell principal 
will need to be entered into the KeyFile or removed from the rxkad.keytab 
in order for server-to-server authentication to work, though.

> The relevant code seems to be in kdc/kerberos5.c:_kdc_find_etype(). It was
> reworked in 2011, largely by Nico Williams, to use a new session key enctype
> selection algorithm (controlled by {tgt,svc,preauth}-use-strongest-session-key
> in krb5.conf, and now on by default) as an alternative to the old one. The
> old code, which the comments claim conforms to RFC4120, still cannot select
> an enctype that isn't in the intersection of the principal's and the client's
> lists. The new code looks like it should (provided that allow_weak_crypto=true
> for the KDC; the _kdc_is_weak_exception() mechanism won't help here) as a
> last resort, except it forgets to set ret=0 in the relevant code path
> (after "enctype = clientbest;"). It looks like the bug might still be there
> at the tip of the master branch as of this writing. I'll try to test my
> putative fix later tonight.

Thanks for looking into this.

-Ben