Kerberos and Active Directory symmetric cryptography in practice COSC412

Similar documents
How To Use Kerberos

Theorie Practical part Outlook. Kerberos. Secure and efficient authentication and key distribution. Johannes Lötzsch and Meike Zehlike

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman

Authentication Applications

Kerberos on z/os. Active Directory On Windows Server William Mosley z/os NAS Development. December Interaction with.

Authentication Applications

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Guide to SASL, GSSAPI & Kerberos v.6.0

Using OpenSSH in a Single Sign-On Corporate Environment with z/os, Windows and Linux

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

IceWarp Server - SSO (Single Sign-On)

SAP SINGLE SIGN-ON AND SECURE CONNECTIONS VIA SNC ADAPTER. Author : Matthias Schlarb, REALTECH system consulting GmbH. matthias.schlarb@realtech.

Juniper Networks Secure Access Kerberos Constrained Delegation

WATCHING THE WATCHDOG: PROTECTING KERBEROS AUTHENTICATION WITH NETWORK MONITORING

Kerberos: Single Sign On for BS2000

Using Kerberos tickets for true Single Sign On

The following process allows you to configure exacqvision permissions and privileges for accounts that exist on an Active Directory server:

Configure the Application Server User Account on the Domain Server

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Single sign-on websites with Apache httpd: Integrating with Active Directory for authentication and authorization

Implementing a Kerberos Single Sign-on Infrastructure

Authentication Application

Single Sign-On for Kerberized Linux and UNIX Applications

Kerberos authentication made easy on OpenVMS

Hadoop Elephant in Active Directory Forest. Marek Gawiński, Arkadiusz Osiński Allegro Group

Connecting Web and Kerberos Single Sign On

Configuring Integrated Windows Authentication for JBoss with SAS 9.2 Web Applications

ENABLING SINGLE SIGN-ON: SPNEGO AND KERBEROS Technical Bulletin For Use with DSView 3 Management Software

FreeIPA 3.3 Trust features

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

TIBCO ActiveMatrix BPM Single Sign-On

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Using Active Directory as your Solaris Authentication Source

Troubleshooting Kerberos Errors

Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications

White Paper. Fabasoft on Linux - Preparation Guide for Community ENTerprise Operating System. Fabasoft Folio 2015 Update Rollup 2

Two SSO Architectures with a Single Set of Credentials

INUVIKA TECHNICAL GUIDE

Configuring Integrated Windows Authentication for Oracle WebLogic with SAS 9.2 Web Applications

Taming the beast : Assess Kerberos-protected networks

Centrify Identity and Access Management for Cloudera

SSL SSL VPN

Use of EASE Code of Practice. This code of practice is also qualified by The University of Edinburgh computing regulations, found at:

CS 356 Lecture 28 Internet Authentication. Spring 2013

Architecture of Enterprise Applications III Single Sign-On

FreeIPA Client and Server

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA

Identity Management: The authentic & authoritative guide for the modern enterprise

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Kerberos Active Directory for HP Thin Clients

Configuring Active Directory Single Sign-On (AD SSO)

RHEL Clients to AD Integrating RHEL clients to Active Directory

Chapter 15 User Authentication

Apple Technical White Paper Best Practices for Integrating OS X with Active Directory

Troubleshooting Kerberos Encryption Types

Secure Unified Authentication for NFS

Introduction to Computer Security

10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)

Kerberos and Single Sign-On with HTTP

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham

FreeIPA v3: Trust Basic trust setup

How To Use The Gss-Api And Sspi For A Security Reason On A Microsoft Microsoft Server (Or A Microsplatte)

4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

Setting up Single Sign-On (SSO) with SAP HANA and SAP BusinessObjects XI 4.0

Client Server Registration Protocol

How to build an Identity Management System on Linux. Simo Sorce Principal Software Engineer Red Hat, Inc.

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Configuring Squid Proxy, Active Directory Authentication and SurfProtect ICAP Access

CA Performance Center

FreeIPA - Open Source Identity Management in Linux

Kerberos SSO on Netscaler through Kerberos Constrained Delegation Or Impersonation

HOBCOM and HOBLink J-Term

FreeIPA Cross Forest Trusts

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS

1 Introduction. Ubuntu Linux Server & Client and Active Directory. Page 1 of 14

Leverage Active Directory with Kerberos to Eliminate HTTP Password

How-to: Single Sign-On

Cross-Realm Trust Interoperability, MIT Kerberos and AD

Configuring Hadoop Security with Cloudera Manager

Centrify Single Sign-On

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Integrating Red Hat Enterprise Linux 6 with Microsoft Active Directory Presentation

Active Directory and Oxford Single Sign-On

Migration of Windows Intranet domain to Linux Domain Moving Linux to a Wider World

Integrating OID with Active Directory and WNA

Step- by- Step guide to Configure Single sign- on for HTTP requests using SPNEGO web authentication

Configuring Integrated Windows Authentication for IBM WebSphere with SAS 9.2 Web Applications

Building Open Source Identity Management with FreeIPA. Martin Kosek

Managing Identity & Access in On-premise and Cloud Environments. Ellen Newlands Identity Management Product Manager Red Hat, Inc

Windows Security and Directory Services for UNIX

Transcription:

Kerberos and Active Directory symmetric cryptography in practice COSC412

Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise the relationship between Kerberos and Microsoft Active Directory 2

Motivation for Kerberos 1983: Project Athena (MIT + DEC + IBM) Support campus-wide distributed computing Particular emphasis on educational use Project Athena had lots of significant outputs Thin clients, X Windows, IM, directory services, Athena terminals widely dispersed, physically Also needed to handle a large number of users Users have different privileges 3

Kerberos goals Provide a consistent means to authenticate to different services Moreover, provide single sign-on across them Facilitate mutually secure interactions between client and server Operate over untrusted networks (So keep an eye out for shared secrets!) 4

Kerberos in context MIT developed it: public release in late 1980s Kerberos is very widely supported at OS level MacOS, Linux, Windows, *BSD, Solaris, etc. Used for Apple s Back to My Mac Since Windows 2000, Kerberos is the means of authenticating to Windows domains Crucial component of Microsoft Active Directory 5

History of Kerberos versions Versions 1 3 were internal to MIT after all, it was for Project Athena Version 4: released in late 1980s 56-bit DES = you shouldn t use it anymore Also has protocol weaknesses (encrypt. oracle) USA classified it as auxiliary military technology Version 5: released 1993; 2005 [RFC 4120] Allows negotiation of encryption algorithms 6

Kerberos difficulties Tickets have timestamps; time-based validity Requires synchronised clocks Key Distribution Centre (KDC): Single point of failure in distributed system The KDC itself can be clustered... but clients need to be able to reach it! Further: breaking into KDC breaks all security Keys are tied to hostnames 7

How does Kerberos use crypto.? Kerberos works with symmetric key crypto. Can also use asymmetric key cryptography Where s the shared secret? Actually have lots of pairs of shared secrets! Kerberos provides authorisation via tickets You can show what A says about you to B A and B don t need to communicate directly Instead ticket includes digital signatures 8

Kerberos architecture For authentication purposes (infrequent) Client Authentication Server (AS) part of the Key Distribution Centre (KDC) For service authorisation purposes (frequent) Ticket Granting Service (TGS) also part of the Key Distribution Centre (KDC) Service Server (SS) 9

Kerberos service use: four phases 1 User proves identity to their console e.g., via password, smart-card, etc. 2 Client contacts authentication service (AS) Single sign-on done; authentication complete Client receives a ticket granting ticket (TGT) 3 Client contacts service authorisation (TGS) Client receives a service ticket (ST) 4 Client contacts service server (SS) Authorised to access service by the ST 10

Discussing authentication phases User proves identity (to AS) by using longterm, secure credentials AS interacts with KDC s database to acquire TGT Session key also established TGT allows user to make authenticated requests from the TGS without using longterm secure credentials (i.e., SSO) 11

Discussing authorisation phases User presents TGT to TGS This shares the session key TGS sends back service ticket TGS and the target service share a secret TGS can tunnel a message to service via user Key point: service tickets have a lifetime! thus client can cache them locally 12

Compare Kerberos & SSH pub- key Kerberos: authorisation + authentication Supports delegation; fine-grained access control SSH key-pair is typically about your ID Can create keys for services, but not ID-linked Security model different. Compromised host? Using public-key SSH, host learns your private key Using Kerberos? Less bad: root trust in KDC also, ticket will expire 13

Accessing a service: SSH Let s add a user testme, password testme : ~$; sudo adduser testme # setup-kerberos.sh tweaks DNS entries used on this slide. /vagrant/bash-vars.sh; /vagrant/kerberos/setup-kerberos.sh SSH using a password : ~$; ssh testme@precise64.testdomain whoami testme@precise64.testdomain's password: testme (Note: If you have already run kinit, you can remove your tickets by using kdestroy) 14

Kerberos in practice: first steps /vagrant/kerberos/setup-kerberos-credentials.sh First, look at Kerberos from client s view : ~$; klist klist: No ticket file: /tmp/krb5cc_1000 : ~$; kinit testme # the password is password (!) testme@testdomain's Password: : ~$; klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: testme@testdomain Issued Expires Principal Aug 9 12:20:18 2014 Aug 9 22:20:15 2014 krbtgt/testdomain@testdomain Kerberos 5 tickets: name/instance@realm Note that default domain was preconfigured TESTDOMAIN typically related to DNS domain 15

Accessing SSH service w/kerberos SSH using Kerberos : ~$; ssh testme@precise64.testdomain whoami testme In more detail: : ~$; ssh -v testme@precise64.testdomain whoami OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012 debug1: Host 'precise64.testdomain' is known and matches the ECDSA host key. debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password debug1: Next authentication method: gssapi-with-mic debug1: Authentication succeeded (gssapi-with-mic). Authenticated to precise64.testdomain ([127.0.1.1]:22). debug1: Sending command: whoami Kerberos is a GSSAPI implementation 16

Having SSHed, look at our tickets Requesting SSH has cached tickets for us: : ~$; klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: testme@testdomain Issued Expires Principal Aug 13 07:38:09 2014 Aug 13 17:38:07 2014 krbtgt/testdomain@testdomain Aug 13 07:38:26 2014 Aug 13 17:38:07 2014 host/precise64.testdomain@ Aug 13 07:38:26 2014 Aug 13 17:38:07 2014 host/precise64.testdomain@testdomain (Note that the middle ticket is due to my dodgy hack to avoid setting up DNS properly!) SSH to precise64 can use cache Do not need to contact the TGS 17

Kerberos steps in detail Client requests services for user from AS No sensitive data sent to AS (has shared secret) AS checks for valid user, and if so sends: Message M1: {K_session[client TGS]}K[client user] I am using notation {D}K for D encrypted with key K. Message M2: {TicketGrantingTicket}K[AS TGS] Includes client ID, ticket validity, K_session[client TGS] Client AS request M1 & M2 Authentication Server (AS) Ticket Granting Server (TGS) Service Server (SS) Key Distribution Centre (KDC) 18

Kerberos steps in detail Client decrypts M1 using key generated from user authenticating (user auth failure means client can t decrypt) Client gets K_session[client TGS] Client can t decrypt M2, and doesn t need to Client can now actually authenticate to TGS Client Authentication Server (AS) Ticket Granting Server (TGS) Service Server (SS) Key Distribution Centre (KDC) 19

Kerberos steps in detail To use a service client sends 2 msgs to TGS: M3: {M2, serviceid} M4: {clientid, timestamp}k_session[client TGS] M4 is called an authenticator TGS retrieves M2 from M3; decrypts M2 TGS now has K_session[client TGS] Client M3 & M4 Authentication Server (AS) Ticket Granting Server (TGS) Service Server (SS) Key Distribution Centre (KDC) 20

Kerberos steps in detail TGS decrypts M4 (the authenticator); sends: M5: {ClientToServerTicket}K[TGS server] Ticket has client ID, validity, K_session[client server] M6: {K_session[client server]}k_session[client TGS] Client can now make auth request of service Client M5 & M6 Authentication Server (AS) Ticket Granting Server (TGS) Service Server (SS) Key Distribution Centre (KDC) 21

Kerberos steps in detail Client sends Service Server (SS) two msgs: M7: {M5} M8: {clientid, timestamp}k_session[client server] SS decrypts M7; gets K_session[client server] SS then decrypts M8 (which is an authenticator) Client M7 & M8 Service Server (SS) Authentication Server (AS) Ticket Granting Server (TGS) Key Distribution Centre (KDC) 22

Kerberos steps in detail If SS is satisfied with client s authenticator (M8), it sends the following msg to the client: M9: {timestamp[from M8]+1}K_session[client server] Client checks updated timestamp within M9 Client can trust server; start issuing requests Client M9 Service Server (SS) Authentication Server (AS) Ticket Granting Server (TGS) Key Distribution Centre (KDC) 23

Examining the ticket we requested We can get more information from klist : ~$; klist -v Credentials cache: FILE:/tmp/krb5cc_1000 Principal: testme@testdomain Cache version: 4 Server: krbtgt/testdomain@testdomain Client: testme@testdomain Ticket etype: aes256-cts-hmac-sha1-96, kvno 1 Ticket length: 317 Auth time: Aug 9 06:19:20 2014 End time: Aug 9 16:19:17 2014 Ticket flags: enc-pa-rep, pre-authent, initial, proxiable, forwardable Addresses: addressless Addressless: can use with NAT, etc Note that encryption type is negotiable 24

Cryptography in the ticket Ticket etype: aes256-cts-hmac-sha1-96 (also includes key version number 1 ) AES block cipher with 256-bit key Using cipher-text stealing (CTS) CTS allows non-block-length data to be handled Hash Message Authentication Code: SHA1? SHA1 is 160-bits the 96 just means it s truncated 25

Kerberos tickets: encrypted fields Field Name Flags Key Client Realm Client Name Transited Authentication Time Start Time End Time Renew Till Client Address Authorisation- Data Description Options regarding how & when ticket can be used (more later). Session key for (en/de)crypting client/server communications. Realm from which the ticket was requested. Name of the requestor. List Kerberos realms that participated in cross-realm client auth. Timestamp from when client first received TGT. TGS copies this time to service tickets. Ticket is valid after this time. Ticket is not valid after this time. (Optional) A RENEWABLE ticket (more later) can be renewed up until this time. (Optional) A list of addresses from which the ticket can be used. (Optional) Authorisation data relating to the client: not interpreted by the KDC directly. MIT Kerberos uses the field for access restrictions. Microsoft Kerberos uses field to store SIDs (user + their groups). 26

Kerberos flags Flag Description FORWARDABLE (TGT only) TGS is instructed that it can issue new TGTs with different network addresses, when a client shows this TGT. FORWARDED TGT: indicates this TGT was forwarded. Non-TGT: shows that a ticket was issued from a forwarded TGT. PROXIABLE (TGT only) TGS is instructed that it can issue tickets with network addresses different from the TGT s. PROXY Ticket s address is different from that of the TGT that authorised it. MAY-POSTDATE (TGT only) TGS is instructed that postdated tickets are OK. POSTDATED Records that this ticket was postdated when issued. INVALID Services must have KDC validate this ticket before it s used (e.g., a postdated ticket that hasn t yet reached its start time). RENEWABLE If End Time has passed, but Renew Till has not, the KDC can issue a new ticket without requiring re-authentication. INITIAL Ticket not issued based on TGT, e.g., part of initial AS interaction. PRE-AUTHENT The KDC authenticated the client before issuing a ticket. The evidence may be within this ticket (e.g., an authenticator). HW-AUTHENT Special-purpose hardware device was used for authentication. 27

Kerberos administration: first steps Let s rewind: see how Kerberos was set up On VM we first have to install packages Also hack /etc/hosts so we don t need DNS In terms of actual Kerberos administration: First the database needs to be initialised: sudo kadmin -l init --realm-max-ticket-life=unlimited \ --realm-max-renewable-life=unlimited TESTDOMAIN Note that the -l option means we use a local Kerberos database, rather than remote admin. 28

Administration: adding a service Establish shared KDC service secret sudo kadmin -l add --random-key --max-ticket-life='1 day' \ --max-renewable-life='1 week' --expiration-time=never \ --pw-expiration-time=never --attributes='' \ --policy='default' host/precise64.testdomain sudo kadmin -l ext_keytab host/precise64.testdomain Here we cheated on /etc/krb5.keytab KDC and SSH are sharing the same keytab file! Otherwise would copy keytab file to SSH server : ~$; sudo ktutil list FILE:/etc/krb5.keytab: Vno Type Principal Aliases 1 aes256-cts-hmac-sha1-96 host/precise64.testdomain@testdomain 1 des3-cbc-sha1 host/precise64.testdomain@testdomain 1 arcfour-hmac-md5 host/precise64.testdomain@testdomain 29

Administration: adding a user Add a user principal to the local database: sudo kadmin -l add --password='password' --max-ticket-life='1 day' \ --max-renewable-life='1 week' --expiration-time=never \ --pw-expiration-time=never --attributes='' \ --policy='default' testme Note: testme principal was added before the Linux user had been created, in earlier demo! Conventions link principle names and users e.g. SSH s GSSAPI accepts login if you hold ticket: host/fqdn@realm (bold indicates a variable) 30

Distributed Kerberos authorisation Many other principals created in our VM: krbtgt/testdomain@testdomain kadmin/changepw@testdomain kadmin/admin@testdomain changepw/kerberos@testdomain kadmin/hprop@testdomain WELLKNOWN/ANONYMOUS@TESTDOMAIN Allows for password changing, etc. 31

Microsoft Active Directory Combines LDAP, Kerberos and dynamic DNS Facilitates an almost point-and-click setup of complex distributed infrastructure Lightweight Directory Access Protocol LDAP manages hierarchical directory of principals Makes it easy to manage groups privileges Dynamic DNS allows clients to join domains from non-fixed infrastructure 32

Microsoft AD in context Microsoft s basic Kerberos is standard Interoperation with other OSs is well supported Some implementation-specific behaviour: e.g. password changing protocols added by MS since they weren t standardised by MIT Samba from v4.0 onwards allows Linux to act as an Active Directory Domain Controller Many open source AD drop-in replacements 33

Kerberos cross- realm authentication E.g. allow service tickets in B.REALM.ORG to be issued for principles from A.REALM.ORG Add to A.REALM.ORG and B.REALM.ORG principal krbtgt/b.realm.org@a.realm.org Principles need same key, enctype, etc. For two-way trust, also add to both KDCs: principal krbtgt/a.realm.org@b.realm.org SSH asks for other realm s TGT from local TGS 34

Kerberos cross- realm authentication Microsoft AD incorporates similar concepts Comprehensive options for AD cross-tree trust Use cases include company mergers, etc Includes explicit Kerberos 5 realm trust (complexities: MS ticket-equivalent has more fields) Cross-realm authentication killed Kerberos 4: Attacker that controls one realm can fabricate principal names to align block-cipher blocks and have target realm help create forged tickets Attacker can authenticate as target s local users 35

In summary Described the motivation behind Kerberos, how it works, and its relationship to Microsoft Active Directory. Indicated how symmetric cryptography fits within Kerberos systems, and its limitations. Demonstrated how Kerberos can be configured to be used for authentication and authorisation of service use. 36

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information