by: Steve Rothwell
This is where all the info about the meeting is. The page will be maintained and revised by Paul Hill. I gave him a copy of my notes and presumably others will too so eventually you might see official minutes.
after Microsofts presentation (by Richard Ward) and pbhs discussions with rw, pbh was careful to describe what MS has done as a "kerberos like implementation".
Wednesday 13 Nov
- Introductions
- V4 on UNIX
- kTelnet status
- encryption spec
- Cygnus on windows and Mac NCSA telnet
- Vendor support of kerberos
- Kclient API
- Discussion of multiple APIs available on Windows
- Kerberized applications
- Kerberos and the web
- breakout sessions
- Mac programmers to talk about
- Mac UI issues for both v4 and v5.
- What are the best features from Kconfig, CNS, MacLeland
- Windows programmers to talk about
- cache issues 16 bit and 32 bit
- application support
- OLE vs. Thunking
- API for a cache DLL (from v5 discussions)
Thursday, November 14th
- Kerberos version 5, GSS API, Kerberos and public key cryptography
- JGSS, UIUC's Java implementation of GSS
- Current status of GSS API / Kerberos v5 from MIT, Cygnus, Open Vision, Microsoft.
- Kerberos v5 interoperability issue
- NT GINA (Graphical Identification and Authentication) DLL & SUN's PAM (Pluggable Authentication Modules)
- Kerberos and public key infrastructures
- Higher level APIs to lower the cost to enter the GSS world
- What work is currently being done?
MIT
- No new v4 unix apps from MIT
- MIT Athena environment now uses Cygnus v4 libraries, not MIT
- no library maintenance being done on unix,
- no new APIs for ease of use,
- no docs,
- obsolete,
- someday will shut it off, but that will be a long time from now.
- K4 investment for transition sake, more later.
- Still need to support login on new OSs ... and to provide that level of support
- working on a login library that will do v4 and v5 tickets at the same time
Unix
- Ted - unix Mac PC?
- unix hard to find versions
- Ted Tso actively developing TN for v5 but v4 is there too
- Ted Tso - BSD telnet tree has telnet there, MIT has not had good luck getting changes back into BSD release .. MIT has stopped trying due to delays ... separate branches in K5 tree ... something is available at ... core dumps fixed actively maintaining in v5 tree, v4 not tested, whats in v5 tree works. See also ??? & Cygnus
PC
- PC Client - Allan is working on one, got authentication to work, needs stream encryption
- ??? done it to NCSA
- McGill Business Systems (Pierre couldnt come)
- commercial product from McGill Bus Systems
- tuning TN3270
- does telnet with vt220, 530 ... wyse ...
- restructuring, new name,
- Paul Hill worked with adding kerberos support,
- not released, wants libs for all versions,
- pbh expects to work with him
- academic site license = $500/platform
- all windows platforms,
- Mac coming.
- 4 source modules avail (from MIT) using unix API so cross platform
- kermit -Frank DeLaCruz
- talking to various ...
- Frank wants platform portability ...
- pbh says been hearing about this for over 1 year ...
- its coming ...
- McGill Business Systems kTelnet (occurred out of order, click here to go there)
encryption should be done before sending your display environment variables ...
in k5 they try to kill connection if encryption not done early enough
interesting work for someone who wants s to "meditate deeply" ...
MIT servers reject connection due to ??? zeroed or not zeroed ???
- plan to port to all platforms?
- uses SSPI NOT GSSAPI (rw says they will use GSSAPI once its standardized, I think?)
- secure[32] DLL
- carry SIDs in ticket
- krb derivative .. incompatible on the wire?
- encryption not available initially due to export issues?
- after Microsofts presentation Thu (by Richard Ward) and pbhs discussions with rw, pbh was careful to describe what MS has done as a "kerberos like implementation".
- OEMd this app to several vendors ...
- distinct , ipswitch, & Novell
- vendors dont run cells themselves but need to test
- McGill asked MIT to give principals out, MIT said NO
- any vendors / sites interested?
- not aimed at getting their feet wet ... want "toy realm"
- [has some kerberized app - kTelnet?] but it wont test ... up to educational institutions , "they wanted it" ...
- Steve Dorner mentioned ... dont talk to each other ...
- some folks have left ... late change in 3.0 beta ...
- now use wshelper (used to use hesiod)
- using Locus DLLs with v4&5 support ...
- cache issues ...
- storing cache in DLL (play with use count to keep DLL in mem)
- no sharing if you dont use their DLL
- MIT has no relationship ...
- Brian Kemp (Gradient) coming tomorrow
- Nancy Gilman nlgilman@cygnus.com spoke for Cygnus
- they might be interested in helping vendors with testing ... it has been talked about ... they can certainly help Qualcomm ...
- their test environment would be V5 with V4 capability...
- its more likely to be free than charged for because it would be a lot of work to try to figure out how to charge for it ...
- someone suggested they be sure to create a second realm for inter realm testing
- Chaird Mauch said they "might be offering a secondary realm"
- were talking to Ted ... interest waned ... not enough market ...
- but now that MS has announced its doing kerberos, interest may rise ...
- all new passwords done with krb(?) string-to-key ...
- PC & Mac client libs preserve old key type (because UM insisted) ...
- can only migrate users from unix interface,
- must tell PC & Mac user to change their passwords on a unix machine ...
- patches sent to Transarc ... ignored ... can make the avail in AFS contrib ...
- someone suggested you could turn on PW checking on the server ... could manipulate there
- Eric Fair spoke. He is the "official internet standards boy" for Apple ...
- works for Larry tessmer (who did Apple talk?)
- tries to represent apples interest, and bring docs back to beat engineers over the head with ... (note lack of docs)
- if market decides ... theyll do it ... if no demand, no product ...
- would be willing to take some of work done by others and doc / test / make it a product ...
- pluggable authentication structure would be nice ...
- "security issues are a deep and abiding concern"
- other apple employees at the meeting said they want to use kerberos (theyre from MIT) but havent found the right alley to go down
- "apple research lab can do whatever they damn well please" ... talk to Eric
- "apple would like to survive, but they bled $1Billion last year" ...
- "Im not asking for DCE on my Newton" ...
- proprietary mail systems from apple are dying
- internally POP based internet used, IMAP hoped for ...
- applelink is dead ...
- interoperability issues may make kerberos more interesting
- he's posted a paper on this on the kerberos list / news group
- AFS compatible tickets out of the DCE registry ...
- daemon built by OV that takes v5 ticket and emits v4 ticket ...
- inter realm in a different direction ...
- setup an application ...
- must change apps to use this ... different klog ...
- nothing runs krbv4 server protocol ...
- possible to set up v4 realm and service tickets for 4&5 completely separately
- Mike Oltz (windows side) ...
- not familiar with Mac code ... can take Mac Qs home ...
- project mandarin : original goal was to give administrative users access without 3270s
- CUSP to do transactions, KClient on Mac first
- windows version thinner than Mac version
- later extended to handle transaction management
- windows side done hastily (1.5 months), hasnt been updated
- efforts lately in CUSP library ...
- originally all transactions done ad hoc on clients ... needed common library ... does krb stuff internally ... Mac on KClient, win raw krbv4
- no plans to progress on the windows side ... will only write to CUSP in future
- project 2000 to reduce admin. overhead,
- change from custom software to shrink wrap,
- restructuring ...
- people not needed ...
- people left Pete losanko (orig. Mac KClient developer) has left ... posted position ...
- there is a difference between mandarin & Cornell
- consortium is independent, project Mandarin Inc. ... its a separate entity ...
- people mostly left, layoffs followed by quits ...
- KClient avail for free, separate from Mandarin code ...
- MIT will distribute source for KClient on Windows in next release
- Mac / Windows latest versions and features Versions 1.5, 1.6, & 1.7
- v1.5 for windows (I think)
- in v1.6
- server side calls into API,
- exposed server stuff,
- control panel for config
- problem with cache initial ticket ... fixed
- v1.7 from Dartmouth
- Rich Brown built on 1.6 base
- ticket time slider to control lifetime
- menu bar icon to logon without application asking for it
- ticket lurking is a loaded gun,
- theyve implemented a "floating window" that shows your name and catches user's attention,
- closing that kills ticket,
- becomes a user education issue
- bitten by keystroke capture on Mac
- added feature to defeat this ...
- strokes written to secret memory, KClient gets from there
- changes names users use ...
- type in nickname, looked up, gets fullname (unique) and gets ticket for that.
- 1.7.2b to be released by end of week,
- changes will be passed to Cornell (who have no programmers working on this at this time)
- what are the differences between Mac and PC APIs?
- are there resources committed to resynch Mac & PC?
- plans for next release
Cygnus
- not much to say,
- will talk to Cornell,
- what are transition needs or straight translation to V5/GSSAPI...
- how do we take it into the future ..
- lots of Standards, no resources, large installed base that depend on this ...
- work with vendors (Qualcomm included) to help move / transition / move fwd ...
- not maintaining what we have currently
Eudora, telnet various, news watcher, Key server, Qualcomm with locus
Stanford
- MacLeland
- out for a while ...
- 1.0 since Feb. ...
- uses MIT/Cygnus based code,
- spent time making UI as they want it, local config, login feature, screen locking,
- NOT ACTIVE since Andy Moss left ... have been tugging on his sleeve but are currently "between developers""
- has a shim to support KClient API
- PCLeland
- supposed to look same,
- beta any day,
- Cygnus code based,
- work done by contractor, who has left vendor and prohibited from working on this, cant even talk about it.
- planned to support MFC .... were very important ..
- intended KClient shim
- "simple for Mac" simpler than all the unix calls,
- k4 only
- predates stable GSSAPI
- Cornell is TRYING TO FIND A HOME for KClient
- something about a "famous fruit name"that went over my head - "can say more in two weeks"
- cant wrap GSSAPI with KClient
- Kclient is too simple, cant do multiple packets for mutual authentication ....
- possibly kludge for K5 ... no mechanism independence
- all Mac kerberos implementations are drivers
- drivers will die in OS8
- all will need to be reworked
- all are screwed
- Allan plans to do a Kclient shim, to support Eudora and "a few smaller apps" at UM
- not maintained by Cornell
- check back in two weeks
- K5 in mandarin is doubtful ...
- Mandarin is moving away from code development
Vendors
- Cygnus
- Krbv4win
- Krbv4w32
- KClient
- KClient32
- PCLeland
- Authman (Authlib)
- dead on windows
- Kerb95
- FTP Inc.
cache interoperability
Problems with
- IsCredExpired() - Eudora doesnt notice IPAddr has changed, would like to change this to return FALSE if addr changed, but encrypted in servers key. Mod key structure, create new ticket with addr in clear text would only change structure of local cache not ticket that passes over the wire.
- could change server to not check ...
- cache authenticator (to protect against replay attack)
- solved in K5, can get TGT with no IPAddr and server doesnt check
- k5 also protects against replay attack
- if multi-homed host, all addrs are put in ticket
- krb_check_serv()
OS/2 support
- in krbv4 DLL there is an OS/2 compile flag, no threads, no mutex, can race, same as W3.1. Some apps do mutex in app, ugly but done
- MIT has no resources to do OS/2 work (the guy left)
NT version (MIT)
- not thread safe, still some globals ...
- Jenny has tried to get rid of some of the blocking in the MIT stuff
- DNS registration requirement is GONE !!!
- it was old debugging code that didnt get removed but now has been
- Thread safe issues
- Discussed time synchronization issues and UMs "black hole"
- could use NTP for time on Mac ...
What apps are available or in progress
- send anything you know about to Paul Hill <pbh@mit.edu> and he will include it in the web page from this conference
Need a common source of information for all of us
Plans for Kerberized services on MAC and MS OSs
Steve Carmody chair for this session
gave a very good overview of the alternative implementations
access control over the web
assume unmodified browser
2 categories Callback & Proxy
callback
- browser calls server,
- server detects acl necessary,
- server calls client out of band for authentication info
- e.g. mandarin Sidecar,
- client responds ...
proxy
- get between browser and server
- originated as OSF research institute
- (the guy left for SLAC) Andy Hanashevsky to build on CUSP ...
- not all browsers had proxy support when they started so KLP mechanism wouldnt work for them ...
- server connects back to client to get ticket (SUSSP reply)...
- problems
- have to do on EVERY http request ...
- doesnt seem to slow things down ...
- needs other strange support for appletalk and ip addresses ...
- does work, avail, in use at Cornell ...
- fully integrated with the rest of kerberos since is uses KClient ...
- also lets people print back to appletalk printers ...
- has it been subjected to serious security attacks (e.g. man in the middle) ...
- 50/50 chance of hijacking a connection ...
- unix client needs to grovel through kernel stuff (track changes)
- unix part ugly ...
- instance has to end with "-agent" ...
- a page could use a CGI form to get users credentials and do something ...
on callback topic ...
Ted ... on unix?
- didnt work for unix clients ...
- ident protocol had the hooks and it is being maintained (to do the kernel groveling)
- decided to extend ident to allow it to return kerberos tickets ...
- tried to fix man in the middle by encrypting port nos. ...
- having something sitting on your machine that answers authentication requests is a problem ...
- web world marching towards public key ...
- little depts. can deploy VERY EASILY
- webstar on a Mac ...
- ALL MANDARIN SPECIFIC but cant talk about it ...
- Cornell not doing much with SSL
- talked about an example of sharing copyrighted material,
- can be avail but only to registered students,
- instructor wants something easy ...
- you can restrict to just once class ...
- once youve got the ticket, you can do whatever you want ...
- leverage authorization mechanism on campus ...
- mandarin permit server ...
KLP
- I was drafted to make a presentation on this (about 1 hour notice)
- I didn't take notes, this is what I remember ...
- from what I heard at the meeting and understood I think KLP is obviously superior.
- Almost all other presenters started with
- given that we had to support .
- We couldnt mandate Netscape
- When we started wasnt available
- only KLP said works with unmodified client, unmodified server, takes 12 lines in CGI script
??? OSF originated gradient calls this webCrusader ...
- WAND assumes DCE operational and fully deployed ...
- "fully op DCE environment" leaves most of us out
- puts a proxy on the desktop ... client talks to proxy ...
- uses special WAND server via DCE RPC ...
- uses std DCE acl mechanisms ...
??? MIT
- secure gateway, security administrator ...
- doesnt require DCE,
- assumes public key FI&OP ...
- supports authentication via public key (v3+ for both) ...
- secure gateway ..
- maps Public Key to DCE ident and calls WAND server who uses your DCE ident ...
- WAND server uses DCE acl mechanism to restrict ...
- dont need DCE on every desktop,
- but need cell ...
- cost is public key infrastructure in place ... and map to DCE cell ...
- hope Jeff will explain tomorrow how to do this ...
- certificate handling in Netscape v3 isnt ready for prime time ...
- really painful to replace server ...
- v4 will do it right .. certificate handling ...
- disagree ... use what theyve set up and it works well, to torque it is problematic ...
- kiosk, unix, single user machine being used as multi- user machine ...
- ours only requires K4,
- leverages off exiting environment,
- all web traffic goes through the proxy ...
- increased complexity on the desktop, help desk ,
- if proxy croaks all is dead ...
- Do you know about ... Netscape auto proxy config ...
- proxy configuration menu ...
- Java script decides whether to go through proxy or not . ...
- even works with Java script turned off ...
- specific URL to use to get this ...
- web servers still like to use DNS subdomains name for acl ,
- proxy breaks this (sgr@umich.edu) ... pragma(for=...)
- requires server mod ...
- question about proxy on multi user unix needing kernel stuff
digression about telnet spoofing ...
question on now that weve authenticated you, how do we enforce acl ...
- Netscape and directory server ... LDAP ... SLAPD ... adding SSL, improving ...
- Stanford looking at HPs praesidium ...
- I didnt get why this needed discussion, we just do krb, IFS,
Ksign Ted MIT ...
- in discussion with vendor partners ... bus week article ... "ecat" ...
- reengineering supplier ..
- secure electronic purchasing over the web ...
- no pub key certificates ...
- couldnt mandate Netscape or any browser,
- wanted real security ...
- solution used helper app ...
- client talks to office depot server,
- catalog knows your IPAddr and gives you the MIT prices,
- client picks items,
- session id in URL,
- when ready to order,
- connection to profile daemon at MIT, unencrypted
- gets your ship-to addr and account nos. for choice box (not secure),
- then press BUYIT button,
- server at vendor sends magic http doc to server
- application=ksign ...
- invoke helper app on client unix, win, mac ...
- contains IPAddr of krb authentication server,
- Krbv5 & GSSAPI ..
- authenticated connection to KDC ..
- order id put in order DB,
- Ksign app runs on client,
- then makes krb authentication connection to transaction daemon on server,
- sends order back to Ksign on client,
- verifies with user,
- sends back to server,
- server gets OK from AMEX,
- marks order as done.
- TransDaemon needs V5 on unix box,
- also needs to talk to AMEX, and vendors orderDB.
- TransDaemon written by NetMarket ...
- but not generic enough with all the special I/Fs,
- Client side simple, down side is all the hair is on the server side,
- NetMarket got bought, ... "error 0 while connecting" ...
- 18months ago,
- now web clients can do public key, and easier to say thou shalt use Netscape ...
- left with niche market ...
- alternatives are EDI (requires customer ...)
- or individual credit cards which loses nice reporting ...
- alternative needs to present special prices for MIT still
- ... cant roll it out, cant kill it, walking living dead ...
- SET on the horizon
Breakouts
Mac UI issues for v4 & v5
I did not attend this breakout
Windows
cache
16/32 bit application support
OLE -vs- Thunking
API for a cache DLL (from v5 discussions)
Ted Ts'o presented his proposal for a Cache DLL API
Problem 1:
- tickets stored in files ...
- backup saves this (ticket) file
problem 2 ...
- shared workstation space,
- shared NT box (GINA solution) ...
- how do you make sure tickets disappear ...
- assumption is that power down flushes all temporal data ...
- storing tickets in a file is a bad idea
- locus (partnered with Qualcomm), will store in a linked list inside a DLL, stored in an instance of the DLL,
- if using another implementation of krb ... you cant get at the tickets because they/re in locus.dll ...
- and weve lost the single signon model
- fragmentation of krb implementations on Windows side ...
- Ideally standardize ...
- K5 is much larger and more complicated.
- implement a cache DLL,
- paper distributed, outdated before meeting over
- store any way you want,
- file,
- linked list in DLL,
- smart card,
- registry,
- structured storage,
- memory file,
- someplace that Win16 apps could get at ...
- type PW once ...
- store in memory ...
- K5 library providers would use cache DLL.
- Cybersafe or locus or ... any vendor can store tickets anywhere they want
- possibly also works on OS/2 ..
- save in a file all have access to same ticket.
- start app that stored credentials and client does IPC to get it
- Cybersafe, locus, gradient ...
- Ted wants feedback ...
- whats chance of getting vendors to buy in ...
- pbh asked Microsoft about sharing config info, cache, etc.
Thu 14 Nov
JGSS, UIUCs Java implementation of GSS
return to yesterdays topic ... secure http
Current status of GSS API
Kerberos v5 from MIT, Cygnus, Open Vision, Microsoft
MIT (Ted)
- trying to push 1.0 out the door,
- at feature freeze now, a few more bugs ...
- will be out the door before Xmas (so Ted can go home) ...
- wont have NT support in 1.0.
- have W3.1 support ...
- separate tarball with NT support ...
- cross platform issues sticky ...
- will stay as separate tree wont have all the bug fixes ...
- once 1.0 released they will work on merge ...
- triple DES support coming
- (Hugo Hurity from IBM) in kerberos there are crypto sins, not fatal, but cryptographers dont sleep well ...
- dont use a key to do all encryptions ...
- how to do triple DES that satisfies cryptographers and still be upwards compatible ...
- parallel to 1.0 release ...
- when agreement on how to do and minor changes to protocol spec ...
- will be backwards compatible with single DES ...
- Mac ... in an interesting state ... code works ..
- 1.0 can build CFM (code fragment modules) ...
- can link in K5 with SAP3 GUI and it works ...
- congressional issues ...
- UIP on Mac looks like KClient ...
- how to deal with MacOS8 ...
- lots of work to be done on UI, low level library works ...
- will accept contributions on UI ...
- both 68K and PPC code fragments ...
- want to pretend 68000 never existed, support 68020 and up
- Mike ... all bugs turned back to MIT...
- stable on unix tree ...
- same problems on NT tree ...
- admin up to date, except NT ...
- still working on the NT side ...
- built libs, doing cross functional tests ...
- admin code and their stuff
Cygnus
- many changes back to MIT ...
- NT working ...
- client side of NT working including telnet .. all he can say ...
- Cygnus tree not merged for 6mos ...
- Mac tree only builds static libs ...
- there is encrypted telnet for Mac, but not in MIT tree ...
- MIT Mac tree ...
- badly bashed NCSA telnet Cygnus has improved ...
- weak on apps for Mac side
- MIT needs only ecat and SAP3 on Mac side so no telnet for Mac ...
- separate tree for Mac
- plug in architecture in NCSA Telnet doesnt work with K5 ...
- architecture needs to change ...
- suggests starting with Nifty Telnet uses Authman not KClient
Microsoft
- Richard W from MS (NT Security)
- released preview at PDC included DS and K5.
- their implementation has different name type and different STK
- but compatible with K5 ...
- will fix issues by release ...
- keyed towards GSS,
- not exposing krb I/F,
- may expose cache I/F ...
- GSS compatible wire formats ...
- negotiation package to ...
- cross realm/domain ...
- how do they build their ...
- doesnt support now because DS couldnt ...
- but they have a policy object to determine number of trust links assign key and who you trust and youre off ...
- integration with web browser .. yes
- ADMIN protocol to manage KDCs NO admin used ...
- all admin exposed in DS via LDAP ...
- preview released at PDC,
- beta scheduled 1Q97 ...
- STK question ... will fix before beta ...
- upgrade path, compatibility for existing sites ...
- force KDC conversion ...
- v4 compatibility / DCE ...
- "client will work best with their server" ...
- DS tightly bound ...
- client will be able to accept tickets from any one who has their key,
- but will have to map into MS keys ,,
- using authinfo portion with NT SIDs ...
- will need NT realm/KDC ...
- once this is done, theyll turn over their ticket format to MIT ... its up to MIT ...
- GSSv2 waiting for release of std ...
- staying with GSSv1 since they have it now ...
- question on management of other platforms ...
- snapin to management console management of other platforms ...
- MGMT console can take snapins that can do anything you want ...
- multiple domain stuff will be in by beta 1 ...
- no cross realm in pre release ...
- MSDN level 2 and above gets beta ...
- pbh wants to know about sharing realm config ...
- local security authentication ,
- loads DLLs krb in one of these ...
- tickets stay in memory ... will
- expose cache for interoperability ...
- default realm need ..
- dynamic location of KDC ..
- login via GINA ...
- will be propagated back to 4.0 and DOS ...
- login stuff arent part of generic API .... GINA ...
- they are the system GINA ...
- model is security package logs on ...
- all other pkgs. are notified with logonid and PW ...
- hoping to reduce need for GINAs ...
- supplement replace ...
- GINA layer logs you on to what you select Krb or NTLM ..
- other packages notified ...
- userid and PW passed in clear text passed in notification ...
- look for GINA filter in SDK ...
- "W95 isnt really a secure platform"
- SSPI backfilled to DOS ...
- with RPC runtime comes security DLL and will run under DOS ...
- its there ...
- is secure32 in W95 YES, 32b platforms are easy ...
- krb in browser ...
- uses web authenticate field in get header
- IE3 and IIS server know to look at that Web authentication provider name / stuff ...
- passed to SSPI layer ...
- could tunnel with SSL but not done now ...
- push seems to be on SSL ...
- protocol spec on krb web theyre doing ...
- just return a GSS encoded ticket ...
- 3 leg authentication done now ...
- example in httpauth on SDK ...
- will this creep to Mac ...
- limited amount of security ...
- will be no krb layer on Mac unless sufficient demand ...
- is there a doc ...
- base 64 encoding of blob which is SPI ticket ...
- see httpauth example on SDK
- GSS and SSPI ...
- both will be supported ...
- will layer on or beside existing SSPI I/F worst case scenario is put both in same DLL.
v4 support
- Doug Engert from Argonne DEENGERT@anl.gov
- DCE cell w k5 AFS Cell w k4 ...
- can get ticket from DCE and convert to v4 ticket ... could be extended ... needs access to servtab
- OSF has no plans to support V4
- Doug has posted an article about this in the kerberos news group since the meeting
interoperability with DCE environment
- krb5 config issue
- krb.conf vs krb5.conf
- diffrent names
- location of files ...
- can share servtab file except names different
- etcv5srvtab renamed krb5
- based on session credentials ...
- new cache with ...
- DCE login spawns a shell, kinit returns to same shell ...
- cant link a DCE xxx with krbv5 library since its based on v4 and dsects have changed ...
- can do cross cell between v7 and DCEv1
- #principals differ ...
- cache format version#s MIT up to 4
- didnt want to go to DCE because V4 compatibility a killer ... pic on bard
- AS calls ...
- diagram on board ...
- AS / TGS / PS keep PAC out of TGT and pass on credentials ...
- MS says they have this architecture ...
- suggests they look into exposing more of it ...
- keys have to match across ASs ...
- admin I/Fs let you put keys in ...
- must put in and set at same time with same version
- TGS key not changed automatically (but should be) ...
- theGuy hasnt looked at the code in a long time ... cant speak ...
- Ted urged coop between MIT, DCE and MS
- conflict in cross realm mapping ...
- MIT parses cell name to determine hierarchy via DNS ...
- OSF doesnt use DNS names,
- uses slashes and goes other direction ...
- proposal to determine topology ...
- by the way this was all hypothetical ...
- SDSI is public key ...
- it could fit ... interaction among a bunch of folks esp. inter enterprise ...
- attempt to avoid N-squared ...
- there may be some low hanging fruit with respect to use of public key for inter realm authentication ...
- leveraging this requires a pub key infrastructure you trust ...
- need to trust a public key tree hierarchy ...
- fruit may be higher than you think ...
- is SDSI stuff worth watching or is there something else ...
- see NetBlaze policy paper ...
- public key stuff in DCE ...
- model was wanted to Public Key but no commitment to certification model,
- KDC doesnt have secrets so compromise problems dont require ALL USERS to change PW
application vendor interoperability (SAP Oracle PowerBuilder Locus)
Ted (MIT) on interoperability
- v4 compatibility ...
- no money in it ...
- but thats where youre v5 customers come from ...
backwards compatibility to v4 in MITs v5
- extensive base at MIT,
- new v4 stuff still appearing,
- backwards compatibility big deal at MIT,
- MANY more clients than servers and FEW KDCs.
- Servers will do both (dual headed)
- fewer app servers and they are under our control ...
- KDC supports both v4 & v5 requests ..
- STK algorithms v5 folds realm name into key to avoid same PW in multiple realms ...
- CMU does include
- v5 can support multiple STK algorithms,
- built into protocol ...
- means you can take a v4 DB and convert to v5,
- tagged with STK type so things will still work ...
- can also convert a v5 tgt to a v4 tgt via a translator
- admin protocols backwards compatibility daemons that accept v4 passwords for changing pwds
- plan is to replace v4 KDCs with v5 KDCs and ideally no one notices except for new capabilities ..
- slave is v5 master is v4 ...
- replication does conversion ...
- have to use v4 to change password because master is still v4
- rest of admin functions ...
- admin change PW, add users, etc. kadminD
- plan to do this but wont be in 1.0 ...
- not widely used ...
- MIT tied into MOIRA too ...
- early 97 ...
- make it easy for v4 site to move into v5 and then to DCE or NT
- or live happily among all.
- Docs avail (Cygnus) about migration from V4 ...
- if not adequate let Cygnus know ...
- theyve helped many make the transition with a warm and fuzzy feeling
- Doc will come in 1.0 distribution,
- not avail at Cygnus web site.
- ed apps first or KDC first
- k5 supports multi-homed hosts, forwarding,
- doing IMAP with v4 is just silly.
- New apps will be written to GSSAPI ...
- working with McGill on telnet , then GSS, ...
- dont want NEW apps the require V4 ...
- kerberos LIKE thing from MS that wont interoperate smoothly with what were all doing
- Cannon at DEC may have done a GSSAPI for V4 ...
- if MIT was going to do imp theyd do an XOR / NEXor so they could ship it overseas ...
- effort from overseas so SAP
- we cant ship apps that require a lib that we cant export ...
- NOOP library ...
- Microsoft CAPI .is now known as "Crypto API"
- is an open deal,
- MS has key commerce jurisdiction ...
- signing a CSP is a defense related activity ...
- developer kit to do a CSP is controlled ...
- assertion is that apps written to crypto API are exportable ...
- nothing written in US is blanket export ready,
- calling MS APIs "will not hinder your exportability" ...
- exportability is on a case by case basis ...
- this is a rat hole ...
- Crypto API is in a system DLL thats not easily replaceable and MS wont help anyone do it ,
- but its just bits ...
- an app using system APIs wont be hindered ...
- going for a CJ is chancy ...
- depends on the clerk you talk to ...
- binaries -vs- source is VERY different ...
- your mileage may vary
- App/dB vendors adding strong security e.g. Oracle ...
- Ted coordinates krb development at MIT ... also deals with vendors ... evangelist ...
- Oracle (secure New Svcs v2) has krb support MIT and Cybersafe krb 2 flavors ...
- store in memory not in a file ...
- users expect tickets to disappear on power down ...
- Win/Mac users expect to shut down machines and have secrets go away ...
- Locus stores them in a linked list in the DLL. Cygnus V4 does this as well.
- MIT looking at defining a DLL for caching ,
- in file,
- memory,
- smart card,
- only 7 or 8 calls.
- Easy to thunk for 16 bit apps ...
- wants all krb providers to agree to use this ...
- even k5 1.0 will store tickets in a file ...
- first implementation of cache will be I/F to the file
- Kerb95, 16bit MITv4 and 32bit MITv4 will all share same cache Allan & Paul will work together over the next 2 mos.
- CMU has one for v4,
- goal was to provide a blocking login
- verifies who you are and
- tries to log you into Novell server ...
- code avail on request
- UM
- Allan deployed at one site ...
- small set of features ...
- some things dont work as expected ...
- need something by Jan ...
- verify user in realm,
- allows others to veto and mounts AFS file space via krb samba service ...
- mapping everyone into an account ...
- avoid duplicate user accounts
- W95 pseudo network provider also done by Allan
- mounting whats in users profile,
- not AFS only ...
- only trying to replace MS GINA with krb as authentication medium.
- Mike at OV shipping,
- doesnt lock people out,
- can but not turned on,
- as simple as possible ...
- can select realm or domain ,
- synchronized PW change.
- Auditing via event log.
- No complaints from users.
- Deployed though not yet massively.
- Some customers want same for W95, but cant provide ...
- zephyr GINA ...
- SUNs PAM ... pluggable authentication modules ...
- originally done at Sun (Roland who's here)
- accepted by DCE and OSF???
- public spec
- API for programs that need to PW inspect and change to use ..
- instead of checking PW you call Pam Lib which provides authentication,
- password change via calls to PAM lib.
- PamLib knows list of shared libs to call to do this,
- allows stacking multiple modules .. e.g. try krb, Y/N/Fail, dont need to constantly modify vendors logins to live in our environments ...
- separate project Linux PAM, freeware reimplementation, with help from PAM guys at Sun,
- spec wasnt sufficient,
- believe this is compatible,
- not yet tested,
- freely avail,
- OS independent,
- a lot like GINAs, but allows stacking.
- Ted intends to provide K5PAM module
- RW did GINA two years ago for large banks in other countries
- Apple pledges to look into this since they wont provide source.
- Macs in public clusters need login procedures, but not his decision,
- weve been heard ...
- password policies
- Pam again chains these,
- makes two passes
- 1. will you accept this PW and are you up.
- 2. make it so
- HP is putting it into 10.20 or 10.30
- Solaris 2.6 will have it.
- DEC says they will.
- IBM "seems interested".
- Its in the CDE ...
- Linux red hat shipped with it first despite late start ...
- will send Paul the Linux Pam web page ...
- already there
- pbh ... MIT havent done one yet ...
- some Netware across subnets ...
- we dont route IPX ... trying to figure out ... need Novells GINA ... issues of IPX or ...
using krb to obtain X.509 client certificates JEFF Schiller
- names, public keys, digitally signed docs tie these together ...
- work your way back to a key that you trust ...
- x.509 is silent about key hierarchy ... name of issuer ...
- how you figure out if you trust a given key is your problem
- NS in V1 hard coded a few root keys
- Only one prepared to issues certificates was VeriSign (from RSA).
- Provides 3 services Integrity (stream unchanged), client knows that server is correct server (or warned)
- VeriSign had a monopoly (and behaved like it)
- NS in v2 broke the monopoly
- allows users to configure ... self signed certificate ...
- dialog boxes attempt to inform user whats going on ...
- allows us (MIT) to configure out own CA
- thats SSL as of before Aug
- did not provide AUTH
- ecat ... problems ...
- out on a limb ...
- leverage what we have today, ignore the future ...
- again if they started over theyd do it differently .. .
- In the browser world things arrive fast enough that you can predict the future ...
- vendors going to public keys ...
- end users can get class 1 certificates ...
- kerberos is not an incompatible infrastructure ,,,
- we ought to be able to leverage
- NS Certificate <keygen name=userkey challenge="some value"> tag
- users see pull down slider for what kind of key ...
- US 1024, 768, 512, international version allows only 512 (low) ...
- magic is that when you submit the form NS will generate a key pair ...
- it takes a while ...
- browser saves key.db (hashdb from Berkeley cracks NS .db files)
- takes public key and constructs an ASN.1 encoded ...
- sequence / public key / challenge /.../ signed with private key
- base 64 encoded
- then ... foo=xxx&userkey-"MMIBXWER" and
- offers user chance to password protect this.
- same PW encrypts ALL keys in the file
- (1/session, every time, after x minutes)
- user can change or remove PW.
- after this is done ... in future ...
- private key stays in key.db file ...
- w steps, post key to provider,
- later gets downloaded and installed as personal cert.
- from on SSL protected page, server can control level of security
- krbname & PW and keygen tag ...
- CGI program looks them up,
- get initial ticket, then defend against bogons ...
- then sign and download ...
- MIT certificate with their name and krb name ...
- server could look in certificate for kerberos name ...
- written in C++ compiled with G++ ..
- server is apache but no dependencies ...
- hack apache to get krbname and put it in an environment variable for CGI scripts ...
- advantage of this is that it works,
- its strong (no timing holes)
- based on SSL which is used in commerce ...
- no brainer ...
- users dont have to manually register just go to the web page ...
- if users forget their NS PW toss key.db, cert5.db restart NS and it will recreate them and get a new certificate and new key
- VeriSign offers several classes
- 1=reads email sent to this address ...
- sends email to your address,
- enter this code no and you get a certificate ...
- 2= credit card no, name, address,
- checks with credit bureau ...
- good indicator especially once pay the bill ...
- but cant export that certificate from work to home ...
- you can do it via hacking ... or MS personal effects transfer can export this ...
- for MIT having three certificates isnt a problem, they all map to krb name ...
- needs to remove .db files if in PUBLIC SITE ...
- certificates are cheap, can get them any time
- MS IE doesnt support keygen ..
- active X bb script invokes DLL user has to download ...
- avail from MS ...
- expects to support this on IE soon ...
- IE3 on Mac doesnt do certification at all ...
- on Windows still homework to do
- how do you know which certificates to use ...
- can delete them ...
- must to get one of same name ..
- can ask NS to ask every time which one to use ... but then it will ask for each graphic ...
- or xx or let Navigator choose ...
- user SSL3 user can indicate choice ...
- SSL2 and let NS choose dies (as in halt and catch fire) on all platforms ...
- one PW but multiple certificates is clear direction ...
- upgrade path to public keys from private passwords with server ...
- havent dealt with public labs ...
- trying for registrar ...
- MIT has only unix machines in public clusters .. .
- depts have them, but not managed by IS
- revocation not fully implemented ...
- server needs to know bad certificates,
- but easy to do
- didnt want to require plugin ...
- could do that and avoid sending PW in the first place (use existing tgt)
- alumni email for live 109M alumni ...
- web server name and PW ...
- first contact takes year of graduation, BD, spell your name ... youre in ...
- need to avoid caching (disable back button) ...
- make sure PW isnt left around ANYWHERE memory, disk ... grovel through the machine ...
- RC4 PW hashed with MD5 gets a 128 bit value used for RC4 ..
- encrypts each element ... RC4 allows XOR attack ... so more salt added
- on Mac key database and certificates 5
- wants (from NS) a way to say PW must be at least n chars long
- null PW stores keys in clear, passes over wire in clear ... back up tapes ...
- PGP vs SMime ...
- browsers are going to come out with SMime ...
- PGP will die unless something happens ..
- in 1 year well know the winner ...
- SMime needs 1 key per user,
- what if lost/compromised ...
- Jeff's fear is that in the mass market people will say "if I forget my PW Im dead so I want a key escrow service" ...
- Govt. says YES ...happy to provide ... and were hosed
- public key stuff is nice because there are no secrets
- legal problem your contract with Verisign says nothing about renewing your certificate which can kill your business ..
- there have already been problems in this area
- expect competition to bring reform in legal contract language
- next year first of public key patents dies ..
- by 2000 RSA patent dies ...
- Diffie Hellman causes RSA to be more lenient ...
- Bidzos lost bigtime in fight with SyLink ...
- he (Bidzos) has no objection to lying to get what he wants ...
- VeriSign doesnt allow regular expressions anymore ...
- VS wont let them distribute source ..
- SSLEAY is avail from Australia ...
- give key to VeriSign ...
- they have no way to know who generated that key
- Groups ...
- MIT has no centralized group structure ...
- could do group certificates, but depend on group membership termination to be fairly immediate ...
- MIT does groups in MOIRA and copies into AFS PTS database ...
- what you need for authentication can be very application specific
Kerberos and VM
- Jeff wrote a kerberized TN3270 server ...
- using Krbv4 lib from MIT
- 2-3 years old,
- got libs from Cornell who got it from MIT ...
- 2 clients
- Peter DeCamillo for Mac
- and McGill's tcp 3270 for Windows (in beta)
- and in line mode from unix.
- Working on packaging for distribution email Jeff@mit.edu if interested in code
- Certificate providers
- X509.COM in Vancouver ,
- ? south Africa,
- NS3 list,
- ATT
- MCI
- Sprint
- USPostal Service
- CanadaPost
other efforts
browser issues with this work
- i.e. Jeffs work supports Netscape but does not work with IE
- because IE using an ActiveX API that we dont have documentation for
what work is currently being done
what apps are available
- send pbh the info and hell make a link on the agenda page and future stable page
where should communication from this meeting go
- lots of krb mailing lists and news groups ...
- use newsgroup ...
- Mac folks want Mac kerberos list ...
- exists, hosted at brown ...
- peter and Marshall will revive
anyone have a page thats a list already ...
- client server version of CVS for NT ...
- unix client ..
- working on Mac one ...
- setup server so more than one of us can get at page and use CVS to rollback if error ...
- need operational CVS server ...
- probably CVS on local list ... shadow@andrew.cmu.edu ???
- see pbh agenda page for this
WWW kerberos mailing list from UIUC ... watch for this on agenda page
state of Krb Mac authentication page from ... everette_allen@ncsu.edu ...
Cygnus
- Cygnus products in progress ...
- k5 AFS integration ..
- most changes are in MIT tree ..
- KASrve convert to K5 DB and preserve Passwords,
- conversion tool kinda kludgey but a one time tool (Cygnus only) ..
- protocol support for AFS STK in MIT tree already
- making it easier to use AFS in v5 environment ...
- login gets v4 tickets and AFS ...
- delegated tokens ...
- bin login and XDM changes, controlled by config files ..
- AFS tokens .. lot of details
- token devices xmime.9 class active card digital pathways, enigma logic ckey X9.9 key mode .. unsupported in kerberos .. loading keys from ...
- ... I got lost here ... secure id ... can demand module
- XConsortium ..
- encrypting extension trying to get into spec ...
- virtual packet layer uses XEvents and XReplies for safe msgs and kerberos on top of that ...
- initial connection with no authentication ...
- all you can do is enable security extension and proceed from there works with LDF and Broadway ...
- straight K5 now ..
- absence of user to user ...
- vendor Xservers ...
- trying to get into X11 r6.3 so vendors pick it up ..
- XPC is X protocol compressor ...
- like SSH ... do Krbv5 ... trying to put GSSAPI into XPC ...
- writing in C++ can make it harder to understand than in C
- neat project would be to drop GSSAPI into XPC starter project
- triple DES is coming ...
FTP
- secure FTP spec in his mailbox ... send marc@cygnus ...
RFC1510 cliff Newman promising replacement ... needed ... cliff wont respond
internal crypto layer needs to know what its being used for ...
- universal file and print ALLAN ...
- Linux boxes on campus with kerberized ... wrappers to LanMan DLLs to get connection to server via krb,
- exchange krb and AFS tokens ...
- W95 limits PW to 14 chars ... limited how to do ...
- MS conventions to control ...
- deploy NT boxes behave like in NT domain ,
- but use our stuff ...
- can get profile from central, but can't write back
- connection dropped before he tries to save ...
- can store preferences in AFS ...
- limited deployment now, wider in Jan ...
- bleeding money on paper and toner ...
- heading for charged for printing
- 300K pages per month
other sites part of same realm? accept homework on the net, MIT professors permit hand in via net de-permit at appointed time ...
- MIT authenticated printing ...
- 1200 page quota per year ...
- based on Apollo domain RPC stuff, broke many years ago ..
- now they gather data ... not enforced ...
- users know theres a quota which seems sufficient ...
- krb auth to LPD with Thomas hills from Germany
- krb and hesiod SL campus windows users ...
- source code to his DLL available, if you get license you can get source from MIT.
Mac has chooser level LPR kerberized ... Everett from NC ...
MIT has Mac KLPLPR ... not deployed due to bugs ... secure printing from LPD to printer as Thesis project
Stanford has proof of concept from Brown
- Stanford project
- plans to take home-brew printing and do charging on sidecar swipe system ...
- security between spooler and charging device Griffin->Debold device
Cornell Macs chooser to CAP server all sidecar protected ... charge against but students get money up front
Windows SAPLPD makes it a GSSAPI authenticated client prints to LOCAL printer from central server ... SAP has no plans to do SAPLPD on the Mac
windows/Mac how change PW ...
- MIT uses Leash ,
- Cornell KView . Mac
- MIT KPassword, KeyConfig ...
- retired them and went to web ...
- generate new ids and change PW via SSL link ...
- leash will get you both v4 and v5 ticket in next release ...
- new krb principles MOIRA needs ..
- port MOIRA client to windows ..
- in beta on Mac ... coming ...
- front ends (perl ) for kadmin
Stanford
- invented this wheel too ...
- take advantage of PIN number scheme ...
- generalized ... id card ... central place secure machine ...
- krb servers on secure machine in secure room ...
- DCE security server sitting on multi user machines ...
- what are operational issues of deploying ...
- new mode of deployment ...
- nothing says you cant run DCE server on dedicated machine ...
- if IBM is selling DCE this way theyre mistaken ...
- problem of people youre talking to dont understand the issue ...
- tell them you want to buy more hardware ...
- size of machine to run security server isnt big ... 486 runs MIT KDC
- was a microvax, now DEC3100 ...
- DCE needs more, but not orders of magnitude more...
- RAKF communicate with DCE ...
- issue is getting something working and figure out more later ...
- proposed config is dedicated AIX machine comm to security server on MVS and trust between those communicating with RAKF
MIT
- has 40-50000 principals
- CMU 20000,
- transaction rate ... surprisingly low 1-2/sec .. peaks at 5/sec ...
- how long to do slave dump (1-2 hours) ...
- may have been tried on UMICH
- will accept admin changes and tell the other 2 AFS KA server ...
- 70,000 principals at UM
- at UM all 3 are masters ...
- based on UBIC (widespread distrust was expressed here)
- NCState 40K and update hourly
what apps are being worked on
what docs are available
OpenVision
- sample apps ... docs taking programs through ... new sample apps, more complex for windows ... doing more complex .. with C++
CYGNUS
- new doc will be coming shortly is krb4to5 will com ...
- also programmer docs on using GSSAPI will be coming in a few mos.
Mark?? nutshell book
break out reports
- notification to user of tickets and their state ...
- not doc by apple ..
- how GSS shared libs live on Mac ...
- resurrecting old developers list ...
- also discussion of where to put tickets to be safe and get them destroyed ...
- faceless background app ...
- porting k5 KDC to Mac ...
- Cornell thought someone had ported k4 PDC to Mac ...
- will look ...
- never used in prod . ... proof of concept ...
- how to get Krb into apple ...
- AIX package from Cygnus avail
discussion about "what if k5 required people to get gmake" ... special free tool or kerberos release self contained ? already forced ZIP
Mac code already required untar
... long discussion on GMAKE and rototilling the makefiles for Mac ...
14:00 higher level API to lower the cost to enter GS world
OV working with C++ Wrappers
will this group cooperate to create an API or wrappers that will cover most of the GSS API programming tasks that application developers need to do
cats = common authentication technology ... seeking volunteers
John Myers promotes SASL as similar idea ... not alternative ...layers above GSS or other security ... SASL is how you do IMAP .. GSSAPI ... SASL fits into family of nntp, smtp, ntp ...
key signing party ... were done
last updated by sgr@umich.edu on 21 Nov 1996