On the Cryptography mailing list (http://www.metzdowd.com/pipermail/cryptography/2018-May/034150.html) a question came up, regarding Kerberos' ability to replace passwords in a secure way.

As John Gilmore pointed out, Kerberos on Ubuntu uses the outdated sha-1 hash, so I tried to find out what Fedora does instead.

What I found confuses me.

In the directory /etc/krb5.conf.d you'll find a file named "crypto-policies" (which is a link actually) with the following content:

[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 camellia256-cts-cmac aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128 camellia128-cts-cmac

I thought that the entries under permitted_enctypes would limit the cipher-suites that would be accepted by my brand-new F28 installation. So I deleted everything except the two cipher-suites I want to allow and changed the content of this file to:

[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128

The result (after a fresh reboot) was that authentication to FEDORAPROJECT.ORG shows that the sha1 ciphersuite is still being used. The same applies to my old F26 installation.

$ klist -e
Ticketzwischenspeicher: KEYRING:persistent:1000:1000
Standard-Principal: senderek(a)FEDORAPROJECT.ORG

Valid starting Expires Service principal
10.05.2018 11:28:27 11.05.2018 11:25:08 HTTP/id.fedoraproject.org(a)FEDORAPROJECT.ORG
erneuern bis 17.05.2018 11:25:08, Etype (Skey, TKT): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
10.05.2018 11:28:27 11.05.2018 11:25:08 HTTP/id.fedoraproject.org@
erneuern bis 17.05.2018 11:25:08, Etype (Skey, TKT): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
10.05.2018 11:25:14 11.05.2018 11:25:08 krbtgt/FEDORAPROJECT.ORG(a)FEDORAPROJECT.ORG
erneuern bis 17.05.2018 11:25:08, Etype (Skey, TKT): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

Does anyone here know why the Kerberos crypto-policy does not do what it's supposed to do?

Ralf
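
The comparison made by hand in the post above (etypes reported by `klist -e` against the `permitted_enctypes` line) can be automated. This is an added example, not part of the original post: the sample ticket list is constructed with placeholder principals, the function names are hypothetical, and it assumes ticket lines start with a numeric timestamp as in the output shown.

```python
import re

# Constructed sample in the shape of the `klist -e` output above; principals are placeholders.
SAMPLE_KLIST = """\
Ticketzwischenspeicher: KEYRING:persistent:1000:1000
Standard-Principal: user@EXAMPLE.ORG

Valid starting       Expires              Service principal
10.05.2018 11:28:27  11.05.2018 11:25:08  HTTP/id.example.org@EXAMPLE.ORG
\terneuern bis 17.05.2018 11:25:08, Etype (Skey, TKT): aes256-cts-hmac-sha1-96,
\taes256-cts-hmac-sha1-96
10.05.2018 11:25:14  11.05.2018 11:25:08  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\terneuern bis 17.05.2018 11:25:08, Etype (Skey, TKT): aes256-cts-hmac-sha384-192, aes256-cts-hmac-sha384-192
"""
# The edited policy file content quoted in the post.
SAMPLE_CONF = """\
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
"""
# The "Etype (Skey, TKT):" label is matched as printed; it is not localised in the output above.
ETYPE_RE = re.compile(r"Etype \(Skey, TKT\):\s*([\w-]+),\s*([\w-]+)")

def permitted_enctypes(conf_text):
    """Return the set of enctypes on the permitted_enctypes line of a krb5 config snippet."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "permitted_enctypes":
            return set(value.split())
    return set()

def tickets(klist_text):
    """Return (service, skey_etype, tkt_etype) for each ticket in `klist -e` output."""
    records = []
    for line in klist_text.splitlines():
        if re.match(r"\d", line):         # ticket line: starts with a timestamp (assumed numeric)
            records.append(line)
        elif records and line.strip():    # continuation: renew line and a wrapped etype pair
            records[-1] += " " + line.strip()
    found = []
    for rec in records:
        m = ETYPE_RE.search(rec)
        fields = rec.split()              # date, time, date, time, service principal, ...
        if m and len(fields) > 4:
            found.append((fields[4], m.group(1), m.group(2)))
    return found

def violations(klist_text, conf_text):
    """Return the tickets whose session-key or ticket etype is outside the policy line."""
    allowed = permitted_enctypes(conf_text)
    return [t for t in tickets(klist_text) if t[1] not in allowed or t[2] not in allowed]

if __name__ == "__main__":
    for svc, skey, tkt in violations(SAMPLE_KLIST, SAMPLE_CONF):
        print(f"{svc}: Skey={skey} TKT={tkt} not in permitted_enctypes")
```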