
Fedora considers removing NIS support

Posted Oct 30, 2021 22:04 UTC (Sat) by jhoblitt (subscriber, #77733)
In reply to: Fedora considers removing NIS support by Cyberax
Parent article: Fedora considers removing NIS support

If you break into a host configured as a freeipa client, or standard krb5 client, the only secret accessible is the host's keytab (and potentially cached TGTs of users). This does not provide the ability to create new principals on the KDC or impersonate the KDC. It also doesn't provide a secret that can be used to decrypt the communication between the KDC and any other krb5 client as the host key is used as an initial shared secret to then setup a session key. It is a completely valid criticism to say that there is no option of perfect forward secrecy for client<->KDC communication and compromising a host's keytab could allow decryption of its historical communication with the KDC from packet capture. I suspect some environments would still choose to use the existing shared secret scheme instead of paying the cost overhead of public key exchange but it would be nice if it was an option.

It isn't clear to me if sssd has support for OCSP stapling. This is the only really relevant hit I can turn up: https://github.com/SSSD/sssd/issues/4907


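The forward-secrecy point in the post above, worked through as an added toy model (this is example code written for this page, not code from Kerberos, FreeIPA, sssd or any participant in the thread). The first exchange mirrors the dependency described: the KDC seals the new session key under the host's long-term keytab key, so anyone who captures the traffic now and reads /etc/krb5.keytab later recovers the session key and everything protected with it. The second exchange is hypothetical: an ephemeral Diffie-Hellman secret feeds the session key and the keytab key only authenticates the shares, so the same capture plus the same stolen keytab yields nothing. The "cipher" (HMAC-SHA256 keystream plus HMAC tag), the KDF, the message layout and the principal name host/example.test are all constructed for the example; the modulus is intended to be the 2048-bit MODP group from RFC 3526, though any large safe prime would serve the demonstration.

```python
"""Toy model: keytab theft versus a captured session, with and without an ephemeral key."""
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16
TAG_LEN = 32
AS_REP_AAD = b"AS-REP host/example.test"   # constructed label, not a real Kerberos field


def kdf(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over the parts (toy key derivation)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; encrypt-then-MAC, tag also binds aad."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, aad: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# Scheme 1: the session key travels under the long-term keytab key (as in the post).
def as_exchange_shared_secret(keytab_key: bytes):
    session_key = secrets.token_bytes(32)
    as_rep = seal(keytab_key, AS_REP_AAD, session_key)   # what a sniffer sees
    return as_rep, session_key


def offline_attack_shared_secret(stolen_keytab: bytes, old_as_rep: bytes, old_traffic: bytes) -> bytes:
    """Keytab read *after* the capture still unlocks the old session."""
    session_key = unseal(stolen_keytab, AS_REP_AAD, old_as_rep)
    return unseal(session_key, b"app-data", old_traffic)


# Scheme 2 (hypothetical): ephemeral DH, keytab key only authenticates the shares.
# Intended to be the RFC 3526 2048-bit MODP prime with generator 2 (assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def as_exchange_ephemeral(keytab_key: bytes):
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1   # host, KDC
    host_pub, kdc_pub = pow(G, x, P), pow(G, y, P)
    shared = pow(kdc_pub, x, P)
    assert shared == pow(host_pub, y, P)            # both sides agree
    transcript = host_pub.to_bytes(256, "big") + kdc_pub.to_bytes(256, "big")
    as_rep = transcript + hmac.new(keytab_key, transcript, hashlib.sha256).digest()
    return as_rep, kdf(shared.to_bytes(256, "big"), transcript)


def offline_attack_ephemeral(stolen_keytab: bytes, old_as_rep: bytes, old_traffic: bytes) -> bytes:
    """The keytab verifies the old AS-REP but cannot recover the DH secret; unseal fails."""
    transcript, tag = old_as_rep[:-TAG_LEN], old_as_rep[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(stolen_keytab, transcript, hashlib.sha256).digest()):
        raise ValueError("not the real KDC's message")
    return unseal(kdf(transcript), b"app-data", old_traffic)   # best guess without x or y


def demo():
    """Returns (old session readable under scheme 1, old session still sealed under scheme 2)."""
    keytab_key = secrets.token_bytes(32)                 # contents of the host keytab
    secret = b"user password typed over the session"
    rep1, sk1 = as_exchange_shared_secret(keytab_key)
    readable = offline_attack_shared_secret(keytab_key, rep1, seal(sk1, b"app-data", secret)) == secret
    rep2, sk2 = as_exchange_ephemeral(keytab_key)
    try:
        offline_attack_ephemeral(keytab_key, rep2, seal(sk2, b"app-data", secret))
        still_sealed = False
    except ValueError:
        still_sealed = True
    return readable, still_sealed


if __name__ == "__main__":
    print(demo())
```

Note what scheme 2 does and does not change: the stolen keytab still lets an attacker authenticate as the host going forward (the MAC in as_exchange_ephemeral is computed with it), which is the point made later in the thread about host impersonation; it only stops retroactive decryption of captured sessions.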

Fedora considers removing NIS support

Posted Oct 30, 2021 22:23 UTC (Sat) by Cyberax (✭ supporter ✭, #52523)

As far as I understand, if you can access the keytab for the machine, then you can impersonate the KDC for that machine. As far as I remember, there's no way to authenticate the KDC in that case. And you can use that to sniff users' credentials later.

With asymmetric keys you'd be able to put a non-secret public key on machines so that they can always verify that they're talking to the real KDC.

Fedora considers removing NIS support

Posted Oct 31, 2021 1:13 UTC (Sun) by rra (subscriber, #99804)

This is correct, but if you can access the keytab for the machine, in most situations that means you have root access to that machine anyway, so I'm not sure there's a lot of weight-bearing security space left. (I suppose, technically speaking, you have read access to a file that in theory is only readable by root, and it's not immediately trivial to turn that into full root access, but I wouldn't want to rely on that.)

Fedora considers removing NIS support

Posted Nov 1, 2021 16:03 UTC (Mon) by abo (subscriber, #77288)

"impersonate the KDC" is not how I'd put it (more like "impersonate the host"), but yes if you have access to the keytab for a host (and you can redirect IP traffic to your machine) then you can do everything the real host can do, including receiving ssh connections, over which the user then may send other secrets such as their passwords or their forwarded personal keys.

It's not really that different from having access to a regular SSH server's private host keys.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds