From: Theodore Tso Date: Thu, 16 Jun 1994 04:16:31 +0000 (+0000) Subject: Adding documentation files... X-Git-Tag: krb5-1.0-beta4~24 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0b6eac6750fe7af8f2b359a179d027cfeb7917df;p=krb5.git Adding documentation files... git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3831 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/HOW_TO_BUILD b/doc/HOW_TO_BUILD new file mode 100644 index 000000000..eac32b752 --- /dev/null +++ b/doc/HOW_TO_BUILD @@ -0,0 +1,298 @@ +In the Beta 4 distribution, we have included a new build system, which +was built using the Free Software Foundation's autoconf program. This +system will hopefully make Kerberos V5 much simpler to build for most +people, and reduce the amount of effort required in porting Kerberos V5 +to a new platform. + +In the future, we will be supporting only the configure method as the +method for configuring and building Kerberos. In this release, both +the autoconf and the old imake system are included, both to make +things easier for sites who have existing imake config files to +convert, and because the autoconf makefiles aren't quite as flexible +as the old imake system (although this will be fixed where the +flexibility is really needed) and because not all of the application +directories have been converted over to use configure. + +If you want to use the old imake system, skip down to the section +labeled "HOW TO BUILD KERBEROS V5 USING IMAKE". + +HOW TO BUILD KERBEROS V5 USING CONFIGURE +======================================== + +A) Find about 65 meg free; untar the krb5 sources. For example, + we will assume that you've untar'ed the sources into /u1/krb5, + so that the top of the source tree is /u1/krb5/src. + +B) If you don't want separate build trees for each architecture, then +use the following abbreviated procedure. + 1) cd /u1/krb5/src + 2) ./configure + 3) make + +C. If you want to separate build trees for different architectures, +then create each build tree in the top level; for example, +/u1/krb5/solaris, /u1/krb5/pmax, etc. Then on each platform, do +something like the following: + 1) cd /u1/krb5/pmax + 2) ../src/autotools/lndir /u1/krb5/src + 3) ./configure + 4) make + +If you have a make that supports VPATH (GNU make, for example), you +can simplify this procedure slightly: + 1) cd /u1/krb5/pmax + 2) ../src/configure + 3) make + +That's all there is to it! + +By default, Kerberos will expect its configuration files to be in +/krb5. This can be changed by passing the +"--with-krb5-root=/KRB5_ROOT_DIR" option to configure, where +/KRB5_ROOT_DIR should be replaced with the appropriate pathname. + +If you want Kerberos V4 backwards compatibility, pass the +"--with-krb4=/KRB4_DIRECTORY" option to configure. This requires that +the V4 include files be available in /KRB4_DIRECTORY/include, and that +the V4 Kerberos library be available in /KRB4_DIRECTORY/lib. + +=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +HOW TO BUILD KERBEROS V5 USING IMAKE +==================================== + + +To build kerberos v5 Beta four distribution (using imake): + +A) find about 65M free. + +B) pick up and build the following support pieces/programs if you don't +have them already installed: + + isode from ftp.psi.com:/isode/ + ISODE 6.8 works, but you must apply our + patches (pepsy-diffs) before buidling. ISODE + 7.0 is what we're using in-house. I believe + ISODE 8.0 should also work + + n.b. The isode in the sources isn't linked + into the imake build files. So you can use + this isode, but you'll have to compile it + yourself manually. + +C) building the system: + +1) edit any files you need to change (see below) +2) run 'make world' and everything should get built. +3) If you want to install stuff, you can later run 'make install'. + +Most of things you should need to change will be in +include/krb5/stock/osconf.h, config/site.def and/or an +architecture-specific file in config/. + +config/site.def: +--------------- + +If you don't have pepsy in your $PATH, then add #defines to +config/site.def to give its location. See the top of Project.tmpl for +the #define'ed names you should use. + +If you need additional library search paths to get the libraries, then +put the appropriate -L flag(s) into the #define of LdLibLocations in +config/site.def. + +See the other comments in config/site.def for other options you may wish +to turn on (such as moving the default locations for various installed +programs & manual pages). + +config/.cf: +------------------ + +Imake uses a separate configuration file to turn on/off certain options +on a per-system/architecture basis. See config/Imake.tmpl if you need +to figure out the name of the config file your machine will use. +[They're the same as those for X11R4, except that BSD on a VAX uses + rather than (XXX)] + +See ultrix.cf, sun.cf, vaxbsd.cf, ibm.cf for examples of things you +might want to include in this file. + +Certain options which control some conditional compilations of interest +are: +HasVoidSignalReturn YES if signal catching functions should + be void; NO if they should return int. +HasPosixTermios YES if you have POSIX termios terminal controls + NO if you have BSD/V7 sgtty stuff. + (if you have neither, check out the code + in lib/os/read_pwd.c) + +HasPosixFileLocks YES if you have POSIX file locking commands + NO if you have BSD-style flock() commands + (if you have neither, check out the code + in lib/os/lock_file.c) + +HasPosixTypes YES if you have POSIX *_t types in your + header files + NO if you don't +HasStringH YES if you have + NO if you don't +HasStdlibH YES if you have + NO if you don't +UseSysTimeH YES if you should use for + struct timeval + NO if you shouldn't +UseTimeH YES if you should use for ... + if neither this nor UseSysTimeH is defined, + then will be used if OS_BSD + is set, otherwise will be used. + +HasInet YES if you have BSD internet sockets + NO if you don't (not much will work in + this dist without them, though... see lib/os/) +HaveSetenv YES if you have setenv() in your library + NO if you don't +HasGcc YES if you have gcc and want to use it, + NO if you don't +HasNdbm YES if you have ndbm(3), + NO if you have dbm(3) + +Bitsize32 #define'd if you have 32-bit words + if not, good luck with the DES library. +Bitsize16 +Bitsize64 + +DesDefines -D flags to configure the DES library. + common flags here are: + -DMSBFIRST (big-endian) + -DLSBFIRST (little-endian) + -DMUSTALIGN (if you have to align + references to longwords) + -DBIG (32 bits) + +HasSaberC YES if you have Saber-C (this turns on + Makefile additions to make loading easier) + NO if you don't (but you should get it!) +SaberDefines extra -D flags for Saber-C loading + (such as -Dconst= to avoid a bug in + older versions of saber) + +WantPrototypes YES if your C compiler supports function + prototypes. redundant if your compiler + defines __STDC__, but may be useful if + your compiler has prototypes but isn't + fully __STDC__ + +NeedNarrowPrototypes YES if your C compiler supports function + prototypes AND you do not want the + parameter types to be widened/promoted. + NO if you want them widened (normal + setting, since narrow versions can lead + to interoperability problems between + modules compiled with different compilers) + +MakeDependFlags extra defines to be passed onto + makedepend when generating include file + dependencies. These might be flags that + your compiler sends automatically but + makedepend doesn't know about, e.g.: + -D__STDC__ -I/local/gcc-includes +STDCTopIncludes XXX include path for alternate STDC-ized + include files +StandardDefines -D flags for this system, e.g. + -YPOSIX -D_POSIX_SOURCE +StandardCppDefines -D flags to pass when only calling cpp, e.g. + -DPOSIX -D_POSIX_SOURCE + +telnet/telnetd need special configuration options, which are sometimes +determined by the operating system defines. see +appl/telnet/telnet/Imakefile, appl/telnet/telnetd/Imakefile, and +appl/telnet/old-makefiles/* for details. + +include/krb5/stock/osconf.h: +--------------------------- +There are several defaults you may wish to adjust in osconf.h: + +DEFAULT_CONFIG_FILENAME The pathname to the file which defines + the known realms and their KDCs. Same + format as V4 krb.conf +DEFAULT_TRANS_FILENAME The pathname to the file which a priori + assigns hosts to realms. Same format as + V4 krb.realms +DEFAULT_LNAME_FILENAME The pathname to the database mapping + authentication names to local account names. + See kdb5_anadd(8). +DEFAULT_KEYTAB_NAME The type and pathname to the default + server keytab file (the equivalent of v4 + /etc/srvtab). +DEFAULT_KDC_ETYPE The default encryption type for the KDC. +DEFAULT_KDC_KEYTYPE The default keytype for the KDC. +KDCRCACHE The name of the replay cache used by + the KDC. +RCTMPDIR The directory which stores replay + caches. + +include/krb5/stock/config.h +---------------------------- +Most of the defines in this file should be adjusted using your imake +.cf file; however, some of the defines located at the end of the file +may be of interest (and are adjusted manually since they tend to be of +interest on a site-wide basis) + +KRBCONF_VAGUE_ERRORS If defined, give vague and unhelpful + error messages to the client... er, + attacker. (Needed to meet silly + government regulations; most other + sites will want to keep this + undefined.) + +KRBCONF_KDC_MODIFIES_KDB Define this if you want to allow the + KDC to modify the Kerberos database; + this allows the last request + information to be updated, as well as + the failure count information. + + Note that this doesn't work if you're + using slave servers!!! It also causes + the database to be modified (and thus + need to be locked) frequently. + + + +NOTE for building Kerberos for multiple platforms +================================================= + +This is how we build Kerberos for multiple platforms here at MIT: + +1) Use the synctree program to build a symlink tree. The .rconf files +included in the distribution are for use with synctree. You can find +the synctree program in the same directory as you found this release, +athena-dist.mit.edu. + +Assuming you have a directory hierarchy which looks something like this: + + + |-decmips- + |-hpux---- +|-krb5-|-linux--- + |-solaris- + |-src----- + +A typical invokation of synctree might be: + + cd XXX/krb5 + mkdir decmips; cd decmips + synctree -s ../src -d . + +2) At the top level of the build tree (in the example above, krb5/decmips) +execute the following command to regenerate the top level makefile: + + imake -I./config + +3) Run a "make world". It is often advisiable to redirect the output +to a file, so that you can puruse any error messages when the compile +is finished. + + + + + diff --git a/doc/SOURCE-TREE b/doc/SOURCE-TREE new file mode 100644 index 000000000..944126d9a --- /dev/null +++ b/doc/SOURCE-TREE @@ -0,0 +1,118 @@ +Source tree organization (15 Jun 1994): + +admin: administrative tools + aname: manipulate aname/lname translation database + convert: convert a V4 database to a V5 database + create: create database + destroy: destroy database + edit: edit database [the most useful of the bunch] + stash: store db key for unattended service + +autotools: Tools to allow rebuild the configure scripts; requires that + you have GNU autoconf installed. + +appl: applications + bsd: The Berkeley rlogin/rsh/rcp suite + movemail: Emacs 18.57 'movemail' program with Kerberos + hooks for POP support. + popper: Berkeley POP server, with Kerberos and other + athena mods + gss-sample: sample client & server using the GSSAPI library + sample: sample client & server (using byte stream sockets) + simple: another sample client & server (using datagrams) + telnet: telnet client (v4 & v5 kerberized, plus other goodies) + libtelnet: support for telnet/telnetd + telnet: the client-side + telnetd: BSD UNIX telnet daemon + login: a version of login(8) which has the '-f' flag + necessary for using authenticated telnet + connections without a password + user-user: sample client & server using the user-to-user + protocol features. (NOTE: the client and server + programs are somewhat "backwards" in terms of how + they call the Kerberos 5 routines. Don't let this + confuse you.) + +clients: base-level kerberos clients + kinit: get tickets using password + klist: list ticket cache + kdestroy: destroy ticket cache + ksu: kerberized su program + +config: configuration control for source + >>> look at site.def, vaxbsd.cf, ultrix.cf, ibm.cf in + >>> particular for hints on things you might want to modify. + >>> Ignore the comments on the X11 stuff for now. + +doc: documentation hierarchy + api: The Kerberos api + +include: include hierarchy + krb5: kerberos-specific includes + kerberosIV: copies of kerberos v4 include files (used + for some programs which support both) + +isode: isode hierarchy. A subset of ISODE 8.0. Used only for + the autoconf setup. + +kadmin: Remote kerberos administration tools + client: The client program + kpasswd: User-client which allos users to change their + passwords + server: The server daemon + v4server: A V4 kadmin server which updates a V5 database + +kdc: Kerberos Server/Key Distribution Center + +krb524: Program which issues krb4 tickets when handed a krb5 TGT + +lib: library hierarchy + crypto: The cryptographic routines + crc-32: CRC-32 function(s) + des: MIT DES library + md4: MD4 code from Internet RFC 1186B + md5: MD5 code from Internet + os: Operating-system or configuration-specific code + + kdb: database interface routines + + krb425: link-level compatibility library; lets you link + v4 applications with v5 back-end code + + krb5: The Kerberos library + asn.1: ASN.1 definitions & glue files + The current set-up assumes that you + have ISODE 7.0 (or later) installed. + A subset of ISODE can be found in the + same directory where you picked up the + Kerberos distribution. + + ccache: credentials cache + file: file descriptor-based ccache + stdio: STDIO-based ccache + error_tables: Common Error description files & headers + free: routines to free various allocated data + structures + gssapi: GSSAPI implementation for Kerberos V5 + keytab: server key table routines + file: STDIO-based keytab + krb: Main kerberos library functions + os: Operating-system or configuration-specific code + posix: POSIX routines provided for systems + that don't have them + rcache: authenticator replay-cache code + +slave: Routines to propagate the Kerberos database from the + master to the slave databases (kprop/kpropd) + +tests: various tests + create: create a bunch of principals in a KDC database + verify: verify that the principals have the right keys + hammer: "hammer" the KDC with requests to help assure + proper KDC operation + +util: Utilities + et: The com_err library + ss: The subsystem library + makedepend: Program to rebuild the makefile dependencies + unifdef: Removes #ifdef/#endif code diff --git a/doc/TREE-GRAPH b/doc/TREE-GRAPH new file mode 100644 index 000000000..4630ec2c9 --- /dev/null +++ b/doc/TREE-GRAPH @@ -0,0 +1,95 @@ + + |-aname------ + |-convert---- + |-admin--------|-create----- + | |-destroy---- + | |-edit------- + | |-stash------ + | + | |-bsd-------- + | |-gss-sample- + | |-movemail--- + | | + | |-popper-----|-orig-makefiles- + | | + | |-sample-----|-sclient-------- + | | |-sserver-------- + | | + |-appl---------|-simple-----|-client--------- + | | |-server--------- + | | + | | |-arpa----------- + | |-telnet-----|-libtelnet------ + | | |-telnet--------- + | | |-telnetd-------- + | |-user_user-- + |-autotools---- + | + | |-kdestroy--- + |-clients------|-kinit------ + | |-klist------ + | |-ksu-------- + | + |-config-------|-doc-------- + |-config-files- + | + | |-gssapi----- + | |-kerberosIV- + | | + |-include------|-krb5-------|-asn.1---------- + | | |-stock---------- + | |-sys-------- + | + | |-compat----- + | |-h---------- + | | + |-isode--------|-pepsy------|-doc------------ + | | + | |-psap-------|-test----------- + | |-support---- +|-src-| |-util------- + | + | |-client----- + |-kadmin-------|-kpasswd---- + | |-server----- + | |-v4server--- + |-kdc---------- + |-krb524------- + | + | |-crc32---------- + | | + | |-des------------|-doc--- + | |-crypto-----|-md4------------ + | | |-md5------------ + | | |-os------------- + | |-des425----- + | | + | | |-generic-------- + | |-gssapi-----|-krb5----------- + | | |-sample--------- + | |-kdb-------- + |-lib----------|-krb425----- + | | + | | |-asn.1---------- + | | | + | | |-ccache---------|-file-- + | | | |-stdio- + | | |-error_tables--- + | |-krb5-------|-free----------- + | | + | |-keytab---------|-file-- + | |-krb------------ + | |-os------------- + | |-posix---------- + | |-rcache--------- + |-prototype---- + |-slave-------- + | + | |-create----- + |-tests--------|-hammer----- + | |-verify----- + | + | |-et--------- + |-util---------|-makedepend- + |-ss--------- + |-unifdef---- diff --git a/doc/krb5-protocol/krb5.constants b/doc/krb5-protocol/krb5.constants new file mode 100644 index 000000000..bf1a2e4f7 --- /dev/null +++ b/doc/krb5-protocol/krb5.constants @@ -0,0 +1,159 @@ +8.3. Protocol constants and associated values as of December 19, 1993 + + The following tables list constants used in the protocol and defines + their meanings. + + +---------------+-----------+----------+----------------+--------------- +Encryption type|etype value|block size|minimum pad size|confounder size +---------------+-----------+----------+----------------+--------------- +NULL 0 1 0 0 +des-cbc-crc 1 8 4 8 +des-cbc-md4 2 8 0 8 +des-cbc-md5 3 8 0 8 + +-------------------------------+-------------------+------------- +Checksum type |sumtype value |checksum size +-------------------------------+-------------------+------------- +CRC32 1 4 +rsa-md4 2 16 +rsa-md4-des 3 24 +des-mac 4 16 +des-mac-k 5 8 +rsa-md4-des-k 6 16 +rsa-md5 7 16 +rsa-md5-des 8 24 + +-------------------------------+----------------- +padata type |padata-type value +-------------------------------+----------------- +PA-TGS-REQ 1 +PA-ENC-TIMESTAMP 2 +PA-PW-SALT 3 +PA-DATA-SESAME 4 + +-------------------------------+------------- +authorization data type |ad-type value +-------------------------------+------------- +reserved values 0-63 +OSF-DCE 64 +SESAME 65 + +-------------------------------+----------------- +alternate authentication type |method-type value +-------------------------------+----------------- +reserved values 0-63 +ATT-CHALLENGE-RESPONSE 64 + +-------------------------------+------------- +transited encoding type |tr-type value +-------------------------------+------------- +DOMAIN-X500-COMPRESS 1 +reserved values all others + + +--------------+-------+----------------------------------------- +Label |Value |Meaning or MIT code +--------------+-------+----------------------------------------- + +pvno 5 current Kerberos protocol version number + +message types + +KRB_AS_REQ 10 Request for initial authentication +KRB_AS_REP 11 Response to KRB_AS_REQ request +KRB_TGS_REQ 12 Request for authentication based on TGT +KRB_TGS_REP 13 Response to KRB_TGS_REQ request +KRB_AP_REQ 14 application request to server +KRB_AP_REP 15 Response to KRB_AP_REQ_MUTUAL +KRB_SAFE 20 Safe (checksummed) application message +KRB_PRIV 21 Private (encrypted) application message +KRB_CRED 22 Private (encrypted) message to forward + credentials +KRB_ERROR 30 Error response + +name types + +KRB_NT_UNKNOWN 0 Name type not known +KRB_NT_PRINCIPAL 1 Just the name of the principal as in DCE, or + for users +KRB_NT_SRV_INST 2 Service and other unique instance (krbtgt) +KRB_NT_SRV_HST 3 Service with host name as instance (telnet, + rcommands) +KRB_NT_SRV_XHST 4 Service with host as remaining components +KRB_NT_UID 5 Unique ID + +error codes + +KDC_ERR_NONE 0 No error +KDC_ERR_NAME_EXP 1 Client's entry in database has + expired +KDC_ERR_SERVICE_EXP 2 Server's entry in database has + expired +KDC_ERR_BAD_PVNO 3 Requested protocol version number + not supported +KDC_ERR_C_OLD_MAST_KVNO 4 Client's key encrypted in old + master key +KDC_ERR_S_OLD_MAST_KVNO 5 Server's key encrypted in old + master key +KDC_ERR_C_PRINCIPAL_UNKNOWN 6 Client not found in Kerberos database +KDC_ERR_S_PRINCIPAL_UNKNOWN 7 Server not found in Kerberos database +KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 Multiple principal entries in + database +KDC_ERR_NULL_KEY 9 The client or server has a null key +KDC_ERR_CANNOT_POSTDATE 10 Ticket not eligible for postdating +KDC_ERR_NEVER_VALID 11 Requested start time is later than + end time +KDC_ERR_POLICY 12 KDC policy rejects request +KDC_ERR_BADOPTION 13 KDC cannot accommodate requested + option +KDC_ERR_ETYPE_NOSUPP 14 KDC has no support for encryption + type +KDC_ERR_SUMTYPE_NOSUPP 15 KDC has no support for checksum type +KDC_ERR_PADATA_TYPE_NOSUPP 16 KDC has no support for padata type +KDC_ERR_TRTYPE_NOSUPP 17 KDC has no support for transited type +KDC_ERR_CLIENT_REVOKED 18 Clients credentials have been revoked +KDC_ERR_SERVICE_REVOKED 19 Credentials for server have been + revoked +KDC_ERR_TGT_REVOKED 20 TGT has been revoked +KDC_ERR_CLIENT_NOTYET 21 Client not yet valid - try again + later +KDC_ERR_SERVICE_NOTYET 22 Server not yet valid - try again + later +KDC_ERR_KEY_EXPIRED 23 Password has expired - change + password to reset +KDC_ERR_PREAUTH_FAILED 24 Pre-authentication information + was invalid +KDC_ERR_PREAUTH_REQUIRED 25 Additional pre-authentication + required* +KRB_AP_ERR_BAD_INTEGRITY 31 Integrity check on decrypted field + failed +KRB_AP_ERR_TKT_EXPIRED 32 Ticket expired +KRB_AP_ERR_TKT_NYV 33 Ticket not yet valid +KRB_AP_ERR_REPEAT 34 Request is a replay +KRB_AP_ERR_NOT_US 35 The ticket isn't for us +KRB_AP_ERR_BADMATCH 36 Ticket and authenticator don't match +KRB_AP_ERR_SKEW 37 Clock skew too great +KRB_AP_ERR_BADADDR 38 Incorrect net address +KRB_AP_ERR_BADVERSION 39 Protocol version mismatch +KRB_AP_ERR_MSG_TYPE 40 Invalid msg type +KRB_AP_ERR_MODIFIED 41 Message stream modified +KRB_AP_ERR_BADORDER 42 Message out of order +KRB_AP_ERR_BADKEYVER 44 Specified version of key is not + available +KRB_AP_ERR_NOKEY 45 Service key not available +KRB_AP_ERR_MUT_FAIL 46 Mutual authentication failed +KRB_AP_ERR_BADDIRECTION 47 Incorrect message direction +KRB_AP_ERR_METHOD 48 Alternative authentication method + required* +KRB_AP_ERR_BADSEQ 49 Incorrect sequence number in message +KRB_AP_ERR_INAPP_CKSUM 50 Inappropriate type of checksum in + message +KRB_ERR_GENERIC 60 Generic error (description in e-text) +KRB_ERR_FIELD_TOOLONG 61 Field is too long for this + implementation + + *This error carries additional information in the e-data field. The + contents of the e-data field for this message is described in section + 5.9.1. + diff --git a/doc/krb5-protocol/rfc1510.errata b/doc/krb5-protocol/rfc1510.errata new file mode 100644 index 000000000..fff0d9854 --- /dev/null +++ b/doc/krb5-protocol/rfc1510.errata @@ -0,0 +1,64 @@ +---rfc1510.eratta---as of June 14, 1994--- + +1. [19940312] The following lines describes corrections to pseudocode + in rfc1510 as of March 12, 1994. + + A: Throughout the pseudocode (section A), flags.ALLOW-POSTDATE should be + replaced by flags.MAY-POSTDATE. kdc-options.ALLOW-POSTDATE is + correct, however. + +A.2: In the processing for the kdc-options.POSTDATE (imperitive), both + the POSTDATED and the INVALID flag should be set. The setting of the + POSTDATE flag was inadvertantly omitted. + + You should change: + + if (req.kdc-options.POSTDATED is set) then + if (against_postdate_policy(req.from)) then + error_out(KDC_ERR_POLICY); + endif + set new_tkt.flags.INVALID; + new_tkt.starttime := req.from; + else + omit new_tkt.starttime; /* treated as authtime when + + To: + if (req.kdc-options.POSTDATED is set) then + if (against_postdate_policy(req.from)) then + error_out(KDC_ERR_POLICY); + endif + set new_tkt.flags.POSTDATED; <**** + set new_tkt.flags.INVALID; + new_tkt.starttime := req.from; + else + omit new_tkt.starttime; /* treated as authtime when + +A.6: In section A.6, all occursences of kdc-options.POSTDATE (imperitive) + should be replaced by kdc-options.ALLOW-POSTDATE and tgt.flags.POSTDATE + should be replaced by tgt.flags.MAY-POSTDATE. + + Note that instances of POSTDATED (adjective) are correct. + + +--- +2. [19940614] Processing of the etype filed, described in 3.1.3, and 5.4.1. + +If a there are multiple encryption keys registered for a client in the +Kerberos database (or if the key registered supports multiple +encryption types; e.g. DES-CBC-CRC and DES-CBC-MD5), then the etype +field from the AS request is used by the KDC to select the encryption +method to be used for encrypting the response to the client. If there +is more than one supported, strong encryption type in the etype list, +the first valid etype for which an encryption key is available is +used. The encryption method used to respond to a TGS request is taken +from the keytype of the session key found in the ticket granting +ticket. + +When the etype field is present in a KDC request, whether an AS or TGS +request, the KDC will attempt to assign the type of the random session +key from the list of methods in the etype field. The KDC will select +the appropriate type using the list of methods provided together with +information from the Kerberos database indicating acceptable +encryption methods for the application server. The KDC will not issue +tickets with a weak session key encryption type. + diff --git a/doc/krb5-protocol/rfc1510.txt b/doc/krb5-protocol/rfc1510.txt new file mode 100644 index 000000000..bc810cc50 --- /dev/null +++ b/doc/krb5-protocol/rfc1510.txt @@ -0,0 +1,6275 @@ + + + + + + +Network Working Group J. Kohl +Request for Comments: 1510 Digital Equipment Corporation + C. Neuman + ISI + September 1993 + + + The Kerberos Network Authentication Service (V5) + +Status of this Memo + + This RFC specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" for the standardization state and status + of this protocol. Distribution of this memo is unlimited. + +Abstract + + This document gives an overview and specification of Version 5 of the + protocol for the Kerberos network authentication system. Version 4, + described elsewhere [1,2], is presently in production use at MIT's + Project Athena, and at other Internet sites. + +Overview + + Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, + Moira, and Zephyr are trademarks of the Massachusetts Institute of + Technology (MIT). No commercial use of these trademarks may be made + without prior written permission of MIT. + + This RFC describes the concepts and model upon which the Kerberos + network authentication system is based. It also specifies Version 5 + of the Kerberos protocol. + + The motivations, goals, assumptions, and rationale behind most design + decisions are treated cursorily; for Version 4 they are fully + described in the Kerberos portion of the Athena Technical Plan [1]. + The protocols are under review, and are not being submitted for + consideration as an Internet standard at this time. Comments are + encouraged. Requests for addition to an electronic mailing list for + discussion of Kerberos, kerberos@MIT.EDU, may be addressed to + kerberos-request@MIT.EDU. This mailing list is gatewayed onto the + Usenet as the group comp.protocols.kerberos. Requests for further + information, including documents and code availability, may be sent + to info-kerberos@MIT.EDU. + + + + + +Kohl & Neuman [Page 1] + +RFC 1510 Kerberos September 1993 + + +Background + + The Kerberos model is based in part on Needham and Schroeder's + trusted third-party authentication protocol [3] and on modifications + suggested by Denning and Sacco [4]. The original design and + implementation of Kerberos Versions 1 through 4 was the work of two + former Project Athena staff members, Steve Miller of Digital + Equipment Corporation and Clifford Neuman (now at the Information + Sciences Institute of the University of Southern California), along + with Jerome Saltzer, Technical Director of Project Athena, and + Jeffrey Schiller, MIT Campus Network Manager. Many other members of + Project Athena have also contributed to the work on Kerberos. + Version 4 is publicly available, and has seen wide use across the + Internet. + + Version 5 (described in this document) has evolved from Version 4 + based on new requirements and desires for features not available in + Version 4. Details on the differences between Kerberos Versions 4 + and 5 can be found in [5]. + +Table of Contents + + 1. Introduction ....................................... 5 + 1.1. Cross-Realm Operation ............................ 7 + 1.2. Environmental assumptions ........................ 8 + 1.3. Glossary of terms ................................ 9 + 2. Ticket flag uses and requests ...................... 12 + 2.1. Initial and pre-authenticated tickets ............ 12 + 2.2. Invalid tickets .................................. 12 + 2.3. Renewable tickets ................................ 12 + 2.4. Postdated tickets ................................ 13 + 2.5. Proxiable and proxy tickets ...................... 14 + 2.6. Forwardable tickets .............................. 15 + 2.7. Other KDC options ................................ 15 + 3. Message Exchanges .................................. 16 + 3.1. The Authentication Service Exchange .............. 16 + 3.1.1. Generation of KRB_AS_REQ message ............... 17 + 3.1.2. Receipt of KRB_AS_REQ message .................. 17 + 3.1.3. Generation of KRB_AS_REP message ............... 17 + 3.1.4. Generation of KRB_ERROR message ................ 19 + 3.1.5. Receipt of KRB_AS_REP message .................. 19 + 3.1.6. Receipt of KRB_ERROR message ................... 20 + 3.2. The Client/Server Authentication Exchange ........ 20 + 3.2.1. The KRB_AP_REQ message ......................... 20 + 3.2.2. Generation of a KRB_AP_REQ message ............. 20 + 3.2.3. Receipt of KRB_AP_REQ message .................. 21 + 3.2.4. Generation of a KRB_AP_REP message ............. 23 + 3.2.5. Receipt of KRB_AP_REP message .................. 23 + + + +Kohl & Neuman [Page 2] + +RFC 1510 Kerberos September 1993 + + + 3.2.6. Using the encryption key ....................... 24 + 3.3. The Ticket-Granting Service (TGS) Exchange ....... 24 + 3.3.1. Generation of KRB_TGS_REQ message .............. 25 + 3.3.2. Receipt of KRB_TGS_REQ message ................. 26 + 3.3.3. Generation of KRB_TGS_REP message .............. 27 + 3.3.3.1. Encoding the transited field ................. 29 + 3.3.4. Receipt of KRB_TGS_REP message ................. 31 + 3.4. The KRB_SAFE Exchange ............................ 31 + 3.4.1. Generation of a KRB_SAFE message ............... 31 + 3.4.2. Receipt of KRB_SAFE message .................... 32 + 3.5. The KRB_PRIV Exchange ............................ 33 + 3.5.1. Generation of a KRB_PRIV message ............... 33 + 3.5.2. Receipt of KRB_PRIV message .................... 33 + 3.6. The KRB_CRED Exchange ............................ 34 + 3.6.1. Generation of a KRB_CRED message ............... 34 + 3.6.2. Receipt of KRB_CRED message .................... 34 + 4. The Kerberos Database .............................. 35 + 4.1. Database contents ................................ 35 + 4.2. Additional fields ................................ 36 + 4.3. Frequently Changing Fields ....................... 37 + 4.4. Site Constants ................................... 37 + 5. Message Specifications ............................. 38 + 5.1. ASN.1 Distinguished Encoding Representation ...... 38 + 5.2. ASN.1 Base Definitions ........................... 38 + 5.3. Tickets and Authenticators ....................... 42 + 5.3.1. Tickets ........................................ 42 + 5.3.2. Authenticators ................................. 47 + 5.4. Specifications for the AS and TGS exchanges ...... 49 + 5.4.1. KRB_KDC_REQ definition ......................... 49 + 5.4.2. KRB_KDC_REP definition ......................... 56 + 5.5. Client/Server (CS) message specifications ........ 58 + 5.5.1. KRB_AP_REQ definition .......................... 58 + 5.5.2. KRB_AP_REP definition .......................... 60 + 5.5.3. Error message reply ............................ 61 + 5.6. KRB_SAFE message specification ................... 61 + 5.6.1. KRB_SAFE definition ............................ 61 + 5.7. KRB_PRIV message specification ................... 62 + 5.7.1. KRB_PRIV definition ............................ 62 + 5.8. KRB_CRED message specification ................... 63 + 5.8.1. KRB_CRED definition ............................ 63 + 5.9. Error message specification ...................... 65 + 5.9.1. KRB_ERROR definition ........................... 66 + 6. Encryption and Checksum Specifications ............. 67 + 6.1. Encryption Specifications ........................ 68 + 6.2. Encryption Keys .................................. 71 + 6.3. Encryption Systems ............................... 71 + 6.3.1. The NULL Encryption System (null) .............. 71 + 6.3.2. DES in CBC mode with a CRC-32 checksum (descbc-crc)71 + + + +Kohl & Neuman [Page 3] + +RFC 1510 Kerberos September 1993 + + + 6.3.3. DES in CBC mode with an MD4 checksum (descbc-md4) 72 + 6.3.4. DES in CBC mode with an MD5 checksum (descbc-md5) 72 + 6.4. Checksums ........................................ 74 + 6.4.1. The CRC-32 Checksum (crc32) .................... 74 + 6.4.2. The RSA MD4 Checksum (rsa-md4) ................. 75 + 6.4.3. RSA MD4 Cryptographic Checksum Using DES + (rsa-md4-des) ......................................... 75 + 6.4.4. The RSA MD5 Checksum (rsa-md5) ................. 76 + 6.4.5. RSA MD5 Cryptographic Checksum Using DES + (rsa-md5-des) ......................................... 76 + 6.4.6. DES cipher-block chained checksum (des-mac) + 6.4.7. RSA MD4 Cryptographic Checksum Using DES + alternative (rsa-md4-des-k) ........................... 77 + 6.4.8. DES cipher-block chained checksum alternative + (des-mac-k) ........................................... 77 + 7. Naming Constraints ................................. 78 + 7.1. Realm Names ...................................... 77 + 7.2. Principal Names .................................. 79 + 7.2.1. Name of server principals ...................... 80 + 8. Constants and other defined values ................. 80 + 8.1. Host address types ............................... 80 + 8.2. KDC messages ..................................... 81 + 8.2.1. IP transport ................................... 81 + 8.2.2. OSI transport .................................. 82 + 8.2.3. Name of the TGS ................................ 82 + 8.3. Protocol constants and associated values ......... 82 + 9. Interoperability requirements ...................... 86 + 9.1. Specification 1 .................................. 86 + 9.2. Recommended KDC values ........................... 88 + 10. Acknowledgments ................................... 88 + 11. References ........................................ 89 + 12. Security Considerations ........................... 90 + 13. Authors' Addresses ................................ 90 + A. Pseudo-code for protocol processing ................ 91 + A.1. KRB_AS_REQ generation ............................ 91 + A.2. KRB_AS_REQ verification and KRB_AS_REP generation 92 + A.3. KRB_AS_REP verification .......................... 95 + A.4. KRB_AS_REP and KRB_TGS_REP common checks ......... 96 + A.5. KRB_TGS_REQ generation ........................... 97 + A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation 98 + A.7. KRB_TGS_REP verification ......................... 104 + A.8. Authenticator generation ......................... 104 + A.9. KRB_AP_REQ generation ............................ 105 + A.10. KRB_AP_REQ verification ......................... 105 + A.11. KRB_AP_REP generation ........................... 106 + A.12. KRB_AP_REP verification ......................... 107 + A.13. KRB_SAFE generation ............................. 107 + A.14. KRB_SAFE verification ........................... 108 + + + +Kohl & Neuman [Page 4] + +RFC 1510 Kerberos September 1993 + + + A.15. KRB_SAFE and KRB_PRIV common checks ............. 108 + A.16. KRB_PRIV generation ............................. 109 + A.17. KRB_PRIV verification ........................... 110 + A.18. KRB_CRED generation ............................. 110 + A.19. KRB_CRED verification ........................... 111 + A.20. KRB_ERROR generation ............................ 112 + +1. Introduction + + Kerberos provides a means of verifying the identities of principals, + (e.g., a workstation user or a network server) on an open + (unprotected) network. This is accomplished without relying on + authentication by the host operating system, without basing trust on + host addresses, without requiring physical security of all the hosts + on the network, and under the assumption that packets traveling along + the network can be read, modified, and inserted at will. (Note, + however, that many applications use Kerberos' functions only upon the + initiation of a stream-based network connection, and assume the + absence of any "hijackers" who might subvert such a connection. Such + use implicitly trusts the host addresses involved.) Kerberos + performs authentication under these conditions as a trusted third- + party authentication service by using conventional cryptography, + i.e., shared secret key. (shared secret key - Secret and private are + often used interchangeably in the literature. In our usage, it takes + two (or more) to share a secret, thus a shared DES key is a secret + key. Something is only private when no one but its owner knows it. + Thus, in public key cryptosystems, one has a public and a private + key.) + + The authentication process proceeds as follows: A client sends a + request to the authentication server (AS) requesting "credentials" + for a given server. The AS responds with these credentials, + encrypted in the client's key. The credentials consist of 1) a + "ticket" for the server and 2) a temporary encryption key (often + called a "session key"). The client transmits the ticket (which + contains the client's identity and a copy of the session key, all + encrypted in the server's key) to the server. The session key (now + shared by the client and server) is used to authenticate the client, + and may optionally be used to authenticate the server. It may also + be used to encrypt further communication between the two parties or + to exchange a separate sub-session key to be used to encrypt further + communication. + + The implementation consists of one or more authentication servers + running on physically secure hosts. The authentication servers + maintain a database of principals (i.e., users and servers) and their + secret keys. Code libraries provide encryption and implement the + Kerberos protocol. In order to add authentication to its + + + +Kohl & Neuman [Page 5] + +RFC 1510 Kerberos September 1993 + + + transactions, a typical network application adds one or two calls to + the Kerberos library, which results in the transmission of the + necessary messages to achieve authentication. + + The Kerberos protocol consists of several sub-protocols (or + exchanges). There are two methods by which a client can ask a + Kerberos server for credentials. In the first approach, the client + sends a cleartext request for a ticket for the desired server to the + AS. The reply is sent encrypted in the client's secret key. Usually + this request is for a ticket-granting ticket (TGT) which can later be + used with the ticket-granting server (TGS). In the second method, + the client sends a request to the TGS. The client sends the TGT to + the TGS in the same manner as if it were contacting any other + application server which requires Kerberos credentials. The reply is + encrypted in the session key from the TGT. + + Once obtained, credentials may be used to verify the identity of the + principals in a transaction, to ensure the integrity of messages + exchanged between them, or to preserve privacy of the messages. The + application is free to choose whatever protection may be necessary. + + To verify the identities of the principals in a transaction, the + client transmits the ticket to the server. Since the ticket is sent + "in the clear" (parts of it are encrypted, but this encryption + doesn't thwart replay) and might be intercepted and reused by an + attacker, additional information is sent to prove that the message + was originated by the principal to whom the ticket was issued. This + information (called the authenticator) is encrypted in the session + key, and includes a timestamp. The timestamp proves that the message + was recently generated and is not a replay. Encrypting the + authenticator in the session key proves that it was generated by a + party possessing the session key. Since no one except the requesting + principal and the server know the session key (it is never sent over + the network in the clear) this guarantees the identity of the client. + + The integrity of the messages exchanged between principals can also + be guaranteed using the session key (passed in the ticket and + contained in the credentials). This approach provides detection of + both replay attacks and message stream modification attacks. It is + accomplished by generating and transmitting a collision-proof + checksum (elsewhere called a hash or digest function) of the client's + message, keyed with the session key. Privacy and integrity of the + messages exchanged between principals can be secured by encrypting + the data to be passed using the session key passed in the ticket, and + contained in the credentials. + + The authentication exchanges mentioned above require read-only access + to the Kerberos database. Sometimes, however, the entries in the + + + +Kohl & Neuman [Page 6] + +RFC 1510 Kerberos September 1993 + + + database must be modified, such as when adding new principals or + changing a principal's key. This is done using a protocol between a + client and a third Kerberos server, the Kerberos Administration + Server (KADM). The administration protocol is not described in this + document. There is also a protocol for maintaining multiple copies of + the Kerberos database, but this can be considered an implementation + detail and may vary to support different database technologies. + +1.1. Cross-Realm Operation + + The Kerberos protocol is designed to operate across organizational + boundaries. A client in one organization can be authenticated to a + server in another. Each organization wishing to run a Kerberos + server establishes its own "realm". The name of the realm in which a + client is registered is part of the client's name, and can be used by + the end-service to decide whether to honor a request. + + By establishing "inter-realm" keys, the administrators of two realms + can allow a client authenticated in the local realm to use its + authentication remotely (Of course, with appropriate permission the + client could arrange registration of a separately-named principal in + a remote realm, and engage in normal exchanges with that realm's + services. However, for even small numbers of clients this becomes + cumbersome, and more automatic methods as described here are + necessary). The exchange of inter-realm keys (a separate key may be + used for each direction) registers the ticket-granting service of + each realm as a principal in the other realm. A client is then able + to obtain a ticket-granting ticket for the remote realm's ticket- + granting service from its local realm. When that ticket-granting + ticket is used, the remote ticket-granting service uses the inter- + realm key (which usually differs from its own normal TGS key) to + decrypt the ticket-granting ticket, and is thus certain that it was + issued by the client's own TGS. Tickets issued by the remote ticket- + granting service will indicate to the end-service that the client was + authenticated from another realm. + + A realm is said to communicate with another realm if the two realms + share an inter-realm key, or if the local realm shares an inter-realm + key with an intermediate realm that communicates with the remote + realm. An authentication path is the sequence of intermediate realms + that are transited in communicating from one realm to another. + + Realms are typically organized hierarchically. Each realm shares a + key with its parent and a different key with each child. If an + inter-realm key is not directly shared by two realms, the + hierarchical organization allows an authentication path to be easily + constructed. If a hierarchical organization is not used, it may be + necessary to consult some database in order to construct an + + + +Kohl & Neuman [Page 7] + +RFC 1510 Kerberos September 1993 + + + authentication path between realms. + + Although realms are typically hierarchical, intermediate realms may + be bypassed to achieve cross-realm authentication through alternate + authentication paths (these might be established to make + communication between two realms more efficient). It is important + for the end-service to know which realms were transited when deciding + how much faith to place in the authentication process. To facilitate + this decision, a field in each ticket contains the names of the + realms that were involved in authenticating the client. + +1.2. Environmental assumptions + + Kerberos imposes a few assumptions on the environment in which it can + properly function: + + + "Denial of service" attacks are not solved with Kerberos. There + are places in these protocols where an intruder intruder can + prevent an application from participating in the proper + authentication steps. Detection and solution of such attacks + (some of which can appear to be not-uncommon "normal" failure + modes for the system) is usually best left to the human + administrators and users. + + + Principals must keep their secret keys secret. If an intruder + somehow steals a principal's key, it will be able to masquerade + as that principal or impersonate any server to the legitimate + principal. + + + "Password guessing" attacks are not solved by Kerberos. If a + user chooses a poor password, it is possible for an attacker to + successfully mount an offline dictionary attack by repeatedly + attempting to decrypt, with successive entries from a + dictionary, messages obtained which are encrypted under a key + derived from the user's password. + + + Each host on the network must have a clock which is "loosely + synchronized" to the time of the other hosts; this + synchronization is used to reduce the bookkeeping needs of + application servers when they do replay detection. The degree + of "looseness" can be configured on a per-server basis. If the + clocks are synchronized over the network, the clock + synchronization protocol must itself be secured from network + attackers. + + + Principal identifiers are not recycled on a short-term basis. A + typical mode of access control will use access control lists + (ACLs) to grant permissions to particular principals. If a + + + +Kohl & Neuman [Page 8] + +RFC 1510 Kerberos September 1993 + + + stale ACL entry remains for a deleted principal and the + principal identifier is reused, the new principal will inherit + rights specified in the stale ACL entry. By not re-using + principal identifiers, the danger of inadvertent access is + removed. + +1.3. Glossary of terms + + Below is a list of terms used throughout this document. + + + Authentication Verifying the claimed identity of a + principal. + + + Authentication header A record containing a Ticket and an + Authenticator to be presented to a + server as part of the authentication + process. + + + Authentication path A sequence of intermediate realms transited + in the authentication process when + communicating from one realm to another. + + Authenticator A record containing information that can + be shown to have been recently generated + using the session key known only by the + client and server. + + + Authorization The process of determining whether a + client may use a service, which objects + the client is allowed to access, and the + type of access allowed for each. + + + Capability A token that grants the bearer permission + to access an object or service. In + Kerberos, this might be a ticket whose + use is restricted by the contents of the + authorization data field, but which + lists no network addresses, together + with the session key necessary to use + the ticket. + + + + + + +Kohl & Neuman [Page 9] + +RFC 1510 Kerberos September 1993 + + + Ciphertext The output of an encryption function. + Encryption transforms plaintext into + ciphertext. + + + Client A process that makes use of a network + service on behalf of a user. Note that + in some cases a Server may itself be a + client of some other server (e.g., a + print server may be a client of a file + server). + + + Credentials A ticket plus the secret session key + necessary to successfully use that + ticket in an authentication exchange. + + + KDC Key Distribution Center, a network service + that supplies tickets and temporary + session keys; or an instance of that + service or the host on which it runs. + The KDC services both initial ticket and + ticket-granting ticket requests. The + initial ticket portion is sometimes + referred to as the Authentication Server + (or service). The ticket-granting + ticket portion is sometimes referred to + as the ticket-granting server (or service). + + Kerberos Aside from the 3-headed dog guarding + Hades, the name given to Project + Athena's authentication service, the + protocol used by that service, or the + code used to implement the authentication + service. + + + Plaintext The input to an encryption function or + the output of a decryption function. + Decryption transforms ciphertext into + plaintext. + + + Principal A uniquely named client or server + instance that participates in a network + communication. + + + + +Kohl & Neuman [Page 10] + +RFC 1510 Kerberos September 1993 + + + Principal identifier The name used to uniquely identify each + different principal. + + + Seal To encipher a record containing several + fields in such a way that the fields + cannot be individually replaced without + either knowledge of the encryption key + or leaving evidence of tampering. + + + Secret key An encryption key shared by a principal + and the KDC, distributed outside the + bounds of the system, with a long lifetime. + In the case of a human user's + principal, the secret key is derived + from a password. + + + Server A particular Principal which provides a + resource to network clients. + + + Service A resource provided to network clients; + often provided by more than one server + (for example, remote file service). + + + Session key A temporary encryption key used between + two principals, with a lifetime limited + to the duration of a single login "session". + + + Sub-session key A temporary encryption key used between + two principals, selected and exchanged + by the principals using the session key, + and with a lifetime limited to the duration + of a single association. + + + Ticket A record that helps a client authenticate + itself to a server; it contains the + client's identity, a session key, a + timestamp, and other information, all + sealed using the server's secret key. + It only serves to authenticate a client + when presented along with a fresh + Authenticator. + + + +Kohl & Neuman [Page 11] + +RFC 1510 Kerberos September 1993 + + +2. Ticket flag uses and requests + + Each Kerberos ticket contains a set of flags which are used to + indicate various attributes of that ticket. Most flags may be + requested by a client when the ticket is obtained; some are + automatically turned on and off by a Kerberos server as required. + The following sections explain what the various flags mean, and gives + examples of reasons to use such a flag. + +2.1. Initial and pre-authenticated tickets + + The INITIAL flag indicates that a ticket was issued using the AS + protocol and not issued based on a ticket-granting ticket. + Application servers that want to require the knowledge of a client's + secret key (e.g., a passwordchanging program) can insist that this + flag be set in any tickets they accept, and thus be assured that the + client's key was recently presented to the application client. + + The PRE-AUTHENT and HW-AUTHENT flags provide addition information + about the initial authentication, regardless of whether the current + ticket was issued directly (in which case INITIAL will also be set) + or issued on the basis of a ticket-granting ticket (in which case the + INITIAL flag is clear, but the PRE-AUTHENT and HW-AUTHENT flags are + carried forward from the ticket-granting ticket). + +2.2. Invalid tickets + + The INVALID flag indicates that a ticket is invalid. Application + servers must reject tickets which have this flag set. A postdated + ticket will usually be issued in this form. Invalid tickets must be + validated by the KDC before use, by presenting them to the KDC in a + TGS request with the VALIDATE option specified. The KDC will only + validate tickets after their starttime has passed. The validation is + required so that postdated tickets which have been stolen before + their starttime can be rendered permanently invalid (through a hot- + list mechanism). + +2.3. Renewable tickets + + Applications may desire to hold tickets which can be valid for long + periods of time. However, this can expose their credentials to + potential theft for equally long periods, and those stolen + credentials would be valid until the expiration time of the + ticket(s). Simply using shortlived tickets and obtaining new ones + periodically would require the client to have long-term access to its + secret key, an even greater risk. Renewable tickets can be used to + mitigate the consequences of theft. Renewable tickets have two + "expiration times": the first is when the current instance of the + + + +Kohl & Neuman [Page 12] + +RFC 1510 Kerberos September 1993 + + + ticket expires, and the second is the latest permissible value for an + individual expiration time. An application client must periodically + (i.e., before it expires) present a renewable ticket to the KDC, with + the RENEW option set in the KDC request. The KDC will issue a new + ticket with a new session key and a later expiration time. All other + fields of the ticket are left unmodified by the renewal process. + When the latest permissible expiration time arrives, the ticket + expires permanently. At each renewal, the KDC may consult a hot-list + to determine if the ticket had been reported stolen since its last + renewal; it will refuse to renew such stolen tickets, and thus the + usable lifetime of stolen tickets is reduced. + + The RENEWABLE flag in a ticket is normally only interpreted by the + ticket-granting service (discussed below in section 3.3). It can + usually be ignored by application servers. However, some + particularly careful application servers may wish to disallow + renewable tickets. + + If a renewable ticket is not renewed by its expiration time, the KDC + will not renew the ticket. The RENEWABLE flag is reset by default, + but a client may request it be set by setting the RENEWABLE option + in the KRB_AS_REQ message. If it is set, then the renew-till field + in the ticket contains the time after which the ticket may not be + renewed. + +2.4. Postdated tickets + + Applications may occasionally need to obtain tickets for use much + later, e.g., a batch submission system would need tickets to be valid + at the time the batch job is serviced. However, it is dangerous to + hold valid tickets in a batch queue, since they will be on-line + longer and more prone to theft. Postdated tickets provide a way to + obtain these tickets from the KDC at job submission time, but to + leave them "dormant" until they are activated and validated by a + further request of the KDC. If a ticket theft were reported in the + interim, the KDC would refuse to validate the ticket, and the thief + would be foiled. + + The MAY-POSTDATE flag in a ticket is normally only interpreted by the + ticket-granting service. It can be ignored by application servers. + This flag must be set in a ticket-granting ticket in order to issue a + postdated ticket based on the presented ticket. It is reset by + default; it may be requested by a client by setting the ALLOW- + POSTDATE option in the KRB_AS_REQ message. This flag does not allow + a client to obtain a postdated ticket-granting ticket; postdated + ticket-granting tickets can only by obtained by requesting the + postdating in the KRB_AS_REQ message. The life (endtime-starttime) + of a postdated ticket will be the remaining life of the ticket- + + + +Kohl & Neuman [Page 13] + +RFC 1510 Kerberos September 1993 + + + granting ticket at the time of the request, unless the RENEWABLE + option is also set, in which case it can be the full life (endtime- + starttime) of the ticket-granting ticket. The KDC may limit how far + in the future a ticket may be postdated. + + The POSTDATED flag indicates that a ticket has been postdated. The + application server can check the authtime field in the ticket to see + when the original authentication occurred. Some services may choose + to reject postdated tickets, or they may only accept them within a + certain period after the original authentication. When the KDC issues + a POSTDATED ticket, it will also be marked as INVALID, so that the + application client must present the ticket to the KDC to be validated + before use. + +2.5. Proxiable and proxy tickets + + At times it may be necessary for a principal to allow a service to + perform an operation on its behalf. The service must be able to take + on the identity of the client, but only for a particular purpose. A + principal can allow a service to take on the principal's identity for + a particular purpose by granting it a proxy. + + The PROXIABLE flag in a ticket is normally only interpreted by the + ticket-granting service. It can be ignored by application servers. + When set, this flag tells the ticket-granting server that it is OK to + issue a new ticket (but not a ticket-granting ticket) with a + different network address based on this ticket. This flag is set by + default. + + This flag allows a client to pass a proxy to a server to perform a + remote request on its behalf, e.g., a print service client can give + the print server a proxy to access the client's files on a particular + file server in order to satisfy a print request. + + In order to complicate the use of stolen credentials, Kerberos + tickets are usually valid from only those network addresses + specifically included in the ticket (It is permissible to request or + issue tickets with no network addresses specified, but we do not + recommend it). For this reason, a client wishing to grant a proxy + must request a new ticket valid for the network address of the + service to be granted the proxy. + + The PROXY flag is set in a ticket by the TGS when it issues a + proxy ticket. Application servers may check this flag and require + additional authentication from the agent presenting the proxy in + order to provide an audit trail. + + + + + +Kohl & Neuman [Page 14] + +RFC 1510 Kerberos September 1993 + + +2.6. Forwardable tickets + + Authentication forwarding is an instance of the proxy case where the + service is granted complete use of the client's identity. An example + where it might be used is when a user logs in to a remote system and + wants authentication to work from that system as if the login were + local. + + The FORWARDABLE flag in a ticket is normally only interpreted by the + ticket-granting service. It can be ignored by application servers. + The FORWARDABLE flag has an interpretation similar to that of the + PROXIABLE flag, except ticket-granting tickets may also be issued + with different network addresses. This flag is reset by default, but + users may request that it be set by setting the FORWARDABLE option in + the AS request when they request their initial ticket-granting + ticket. + + This flag allows for authentication forwarding without requiring the + user to enter a password again. If the flag is not set, then + authentication forwarding is not permitted, but the same end result + can still be achieved if the user engages in the AS exchange with the + requested network addresses and supplies a password. + + The FORWARDED flag is set by the TGS when a client presents a ticket + with the FORWARDABLE flag set and requests it be set by specifying + the FORWARDED KDC option and supplying a set of addresses for the new + ticket. It is also set in all tickets issued based on tickets with + the FORWARDED flag set. Application servers may wish to process + FORWARDED tickets differently than non-FORWARDED tickets. + +2.7. Other KDC options + + There are two additional options which may be set in a client's + request of the KDC. The RENEWABLE-OK option indicates that the + client will accept a renewable ticket if a ticket with the requested + life cannot otherwise be provided. If a ticket with the requested + life cannot be provided, then the KDC may issue a renewable ticket + with a renew-till equal to the the requested endtime. The value of + the renew-till field may still be adjusted by site-determined limits + or limits imposed by the individual principal or server. + + The ENC-TKT-IN-SKEY option is honored only by the ticket-granting + service. It indicates that the to-be-issued ticket for the end + server is to be encrypted in the session key from the additional + ticket-granting ticket provided with the request. See section 3.3.3 + for specific details. + + + + + +Kohl & Neuman [Page 15] + +RFC 1510 Kerberos September 1993 + + +3. Message Exchanges + + The following sections describe the interactions between network + clients and servers and the messages involved in those exchanges. + +3.1. The Authentication Service Exchange + + Summary + + Message direction Message type Section + 1. Client to Kerberos KRB_AS_REQ 5.4.1 + 2. Kerberos to client KRB_AS_REP or 5.4.2 + KRB_ERROR 5.9.1 + + The Authentication Service (AS) Exchange between the client and the + Kerberos Authentication Server is usually initiated by a client when + it wishes to obtain authentication credentials for a given server but + currently holds no credentials. The client's secret key is used for + encryption and decryption. This exchange is typically used at the + initiation of a login session, to obtain credentials for a Ticket- + Granting Server, which will subsequently be used to obtain + credentials for other servers (see section 3.3) without requiring + further use of the client's secret key. This exchange is also used + to request credentials for services which must not be mediated + through the Ticket-Granting Service, but rather require a principal's + secret key, such as the password-changing service. (The password- + changing request must not be honored unless the requester can provide + the old password (the user's current secret key). Otherwise, it + would be possible for someone to walk up to an unattended session and + change another user's password.) This exchange does not by itself + provide any assurance of the the identity of the user. (To + authenticate a user logging on to a local system, the credentials + obtained in the AS exchange may first be used in a TGS exchange to + obtain credentials for a local server. Those credentials must then + be verified by the local server through successful completion of the + Client/Server exchange.) + + The exchange consists of two messages: KRB_AS_REQ from the client to + Kerberos, and KRB_AS_REP or KRB_ERROR in reply. The formats for these + messages are described in sections 5.4.1, 5.4.2, and 5.9.1. + + In the request, the client sends (in cleartext) its own identity and + the identity of the server for which it is requesting credentials. + The response, KRB_AS_REP, contains a ticket for the client to present + to the server, and a session key that will be shared by the client + and the server. The session key and additional information are + encrypted in the client's secret key. The KRB_AS_REP message + contains information which can be used to detect replays, and to + + + +Kohl & Neuman [Page 16] + +RFC 1510 Kerberos September 1993 + + + associate it with the message to which it replies. Various errors + can occur; these are indicated by an error response (KRB_ERROR) + instead of the KRB_AS_REP response. The error message is not + encrypted. The KRB_ERROR message also contains information which can + be used to associate it with the message to which it replies. The + lack of encryption in the KRB_ERROR message precludes the ability to + detect replays or fabrications of such messages. + + In the normal case the authentication server does not know whether + the client is actually the principal named in the request. It simply + sends a reply without knowing or caring whether they are the same. + This is acceptable because nobody but the principal whose identity + was given in the request will be able to use the reply. Its critical + information is encrypted in that principal's key. The initial + request supports an optional field that can be used to pass + additional information that might be needed for the initial exchange. + This field may be used for preauthentication if desired, but the + mechanism is not currently specified. + +3.1.1. Generation of KRB_AS_REQ message + + The client may specify a number of options in the initial request. + Among these options are whether preauthentication is to be performed; + whether the requested ticket is to be renewable, proxiable, or + forwardable; whether it should be postdated or allow postdating of + derivative tickets; and whether a renewable ticket will be accepted + in lieu of a non-renewable ticket if the requested ticket expiration + date cannot be satisfied by a nonrenewable ticket (due to + configuration constraints; see section 4). See section A.1 for + pseudocode. + + The client prepares the KRB_AS_REQ message and sends it to the KDC. + +3.1.2. Receipt of KRB_AS_REQ message + + If all goes well, processing the KRB_AS_REQ message will result in + the creation of a ticket for the client to present to the server. + The format for the ticket is described in section 5.3.1. The + contents of the ticket are determined as follows. + +3.1.3. Generation of KRB_AS_REP message + + The authentication server looks up the client and server principals + named in the KRB_AS_REQ in its database, extracting their respective + keys. If required, the server pre-authenticates the request, and if + the pre-authentication check fails, an error message with the code + KDC_ERR_PREAUTH_FAILED is returned. If the server cannot accommodate + the requested encryption type, an error message with code + + + +Kohl & Neuman [Page 17] + +RFC 1510 Kerberos September 1993 + + + KDC_ERR_ETYPE_NOSUPP is returned. Otherwise it generates a "random" + session key ("Random" means that, among other things, it should be + impossible to guess the next session key based on knowledge of past + session keys. This can only be achieved in a pseudo-random number + generator if it is based on cryptographic principles. It would be + more desirable to use a truly random number generator, such as one + based on measurements of random physical phenomena.). + + If the requested start time is absent or indicates a time in the + past, then the start time of the ticket is set to the authentication + server's current time. If it indicates a time in the future, but the + POSTDATED option has not been specified, then the error + KDC_ERR_CANNOT_POSTDATE is returned. Otherwise the requested start + time is checked against the policy of the local realm (the + administrator might decide to prohibit certain types or ranges of + postdated tickets), and if acceptable, the ticket's start time is set + as requested and the INVALID flag is set in the new ticket. The + postdated ticket must be validated before use by presenting it to the + KDC after the start time has been reached. + + The expiration time of the ticket will be set to the minimum of the + following: + + +The expiration time (endtime) requested in the KRB_AS_REQ + message. + + +The ticket's start time plus the maximum allowable lifetime + associated with the client principal (the authentication + server's database includes a maximum ticket lifetime field + in each principal's record; see section 4). + + +The ticket's start time plus the maximum allowable lifetime + associated with the server principal. + + +The ticket's start time plus the maximum lifetime set by + the policy of the local realm. + + If the requested expiration time minus the start time (as determined + above) is less than a site-determined minimum lifetime, an error + message with code KDC_ERR_NEVER_VALID is returned. If the requested + expiration time for the ticket exceeds what was determined as above, + and if the "RENEWABLE-OK" option was requested, then the "RENEWABLE" + flag is set in the new ticket, and the renew-till value is set as if + the "RENEWABLE" option were requested (the field and option names are + described fully in section 5.4.1). If the RENEWABLE option has been + requested or if the RENEWABLE-OK option has been set and a renewable + ticket is to be issued, then the renew-till field is set to the + minimum of: + + + +Kohl & Neuman [Page 18] + +RFC 1510 Kerberos September 1993 + + + +Its requested value. + + +The start time of the ticket plus the minimum of the two + maximum renewable lifetimes associated with the principals' + database entries. + + +The start time of the ticket plus the maximum renewable + lifetime set by the policy of the local realm. + + The flags field of the new ticket will have the following options set + if they have been requested and if the policy of the local realm + allows: FORWARDABLE, MAY-POSTDATE, POSTDATED, PROXIABLE, RENEWABLE. + If the new ticket is postdated (the start time is in the future), its + INVALID flag will also be set. + + If all of the above succeed, the server formats a KRB_AS_REP message + (see section 5.4.2), copying the addresses in the request into the + caddr of the response, placing any required pre-authentication data + into the padata of the response, and encrypts the ciphertext part in + the client's key using the requested encryption method, and sends it + to the client. See section A.2 for pseudocode. + +3.1.4. Generation of KRB_ERROR message + + Several errors can occur, and the Authentication Server responds by + returning an error message, KRB_ERROR, to the client, with the + error-code and e-text fields set to appropriate values. The error + message contents and details are described in Section 5.9.1. + +3.1.5. Receipt of KRB_AS_REP message + + If the reply message type is KRB_AS_REP, then the client verifies + that the cname and crealm fields in the cleartext portion of the + reply match what it requested. If any padata fields are present, + they may be used to derive the proper secret key to decrypt the + message. The client decrypts the encrypted part of the response + using its secret key, verifies that the nonce in the encrypted part + matches the nonce it supplied in its request (to detect replays). It + also verifies that the sname and srealm in the response match those + in the request, and that the host address field is also correct. It + then stores the ticket, session key, start and expiration times, and + other information for later use. The key-expiration field from the + encrypted part of the response may be checked to notify the user of + impending key expiration (the client program could then suggest + remedial action, such as a password change). See section A.3 for + pseudocode. + + Proper decryption of the KRB_AS_REP message is not sufficient to + + + +Kohl & Neuman [Page 19] + +RFC 1510 Kerberos September 1993 + + + verify the identity of the user; the user and an attacker could + cooperate to generate a KRB_AS_REP format message which decrypts + properly but is not from the proper KDC. If the host wishes to + verify the identity of the user, it must require the user to present + application credentials which can be verified using a securely-stored + secret key. If those credentials can be verified, then the identity + of the user can be assured. + +3.1.6. Receipt of KRB_ERROR message + + If the reply message type is KRB_ERROR, then the client interprets it + as an error and performs whatever application-specific tasks are + necessary to recover. + +3.2. The Client/Server Authentication Exchange + + Summary + + Message direction Message type Section + Client to Application server KRB_AP_REQ 5.5.1 + [optional] Application server to client KRB_AP_REP or 5.5.2 + KRB_ERROR 5.9.1 + + The client/server authentication (CS) exchange is used by network + applications to authenticate the client to the server and vice versa. + The client must have already acquired credentials for the server + using the AS or TGS exchange. + +3.2.1. The KRB_AP_REQ message + + The KRB_AP_REQ contains authentication information which should be + part of the first message in an authenticated transaction. It + contains a ticket, an authenticator, and some additional bookkeeping + information (see section 5.5.1 for the exact format). The ticket by + itself is insufficient to authenticate a client, since tickets are + passed across the network in cleartext(Tickets contain both an + encrypted and unencrypted portion, so cleartext here refers to the + entire unit, which can be copied from one message and replayed in + another without any cryptographic skill.), so the authenticator is + used to prevent invalid replay of tickets by proving to the server + that the client knows the session key of the ticket and thus is + entitled to use it. The KRB_AP_REQ message is referred to elsewhere + as the "authentication header." + +3.2.2. Generation of a KRB_AP_REQ message + + When a client wishes to initiate authentication to a server, it + obtains (either through a credentials cache, the AS exchange, or the + + + +Kohl & Neuman [Page 20] + +RFC 1510 Kerberos September 1993 + + + TGS exchange) a ticket and session key for the desired service. The + client may re-use any tickets it holds until they expire. The client + then constructs a new Authenticator from the the system time, its + name, and optionally an application specific checksum, an initial + sequence number to be used in KRB_SAFE or KRB_PRIV messages, and/or a + session subkey to be used in negotiations for a session key unique to + this particular session. Authenticators may not be re-used and will + be rejected if replayed to a server (Note that this can make + applications based on unreliable transports difficult to code + correctly, if the transport might deliver duplicated messages. In + such cases, a new authenticator must be generated for each retry.). + If a sequence number is to be included, it should be randomly chosen + so that even after many messages have been exchanged it is not likely + to collide with other sequence numbers in use. + + The client may indicate a requirement of mutual authentication or the + use of a session-key based ticket by setting the appropriate flag(s) + in the ap-options field of the message. + + The Authenticator is encrypted in the session key and combined with + the ticket to form the KRB_AP_REQ message which is then sent to the + end server along with any additional application-specific + information. See section A.9 for pseudocode. + +3.2.3. Receipt of KRB_AP_REQ message + + Authentication is based on the server's current time of day (clocks + must be loosely synchronized), the authenticator, and the ticket. + Several errors are possible. If an error occurs, the server is + expected to reply to the client with a KRB_ERROR message. This + message may be encapsulated in the application protocol if its "raw" + form is not acceptable to the protocol. The format of error messages + is described in section 5.9.1. + + The algorithm for verifying authentication information is as follows. + If the message type is not KRB_AP_REQ, the server returns the + KRB_AP_ERR_MSG_TYPE error. If the key version indicated by the Ticket + in the KRB_AP_REQ is not one the server can use (e.g., it indicates + an old key, and the server no longer possesses a copy of the old + key), the KRB_AP_ERR_BADKEYVER error is returned. If the USE- + SESSION-KEY flag is set in the ap-options field, it indicates to the + server that the ticket is encrypted in the session key from the + server's ticket-granting ticket rather than its secret key (This is + used for user-to-user authentication as described in [6]). Since it + is possible for the server to be registered in multiple realms, with + different keys in each, the srealm field in the unencrypted portion + of the ticket in the KRB_AP_REQ is used to specify which secret key + the server should use to decrypt that ticket. The KRB_AP_ERR_NOKEY + + + +Kohl & Neuman [Page 21] + +RFC 1510 Kerberos September 1993 + + + error code is returned if the server doesn't have the proper key to + decipher the ticket. + + The ticket is decrypted using the version of the server's key + specified by the ticket. If the decryption routines detect a + modification of the ticket (each encryption system must provide + safeguards to detect modified ciphertext; see section 6), the + KRB_AP_ERR_BAD_INTEGRITY error is returned (chances are good that + different keys were used to encrypt and decrypt). + + The authenticator is decrypted using the session key extracted from + the decrypted ticket. If decryption shows it to have been modified, + the KRB_AP_ERR_BAD_INTEGRITY error is returned. The name and realm + of the client from the ticket are compared against the same fields in + the authenticator. If they don't match, the KRB_AP_ERR_BADMATCH + error is returned (they might not match, for example, if the wrong + session key was used to encrypt the authenticator). The addresses in + the ticket (if any) are then searched for an address matching the + operating-system reported address of the client. If no match is + found or the server insists on ticket addresses but none are present + in the ticket, the KRB_AP_ERR_BADADDR error is returned. + + If the local (server) time and the client time in the authenticator + differ by more than the allowable clock skew (e.g., 5 minutes), the + KRB_AP_ERR_SKEW error is returned. If the server name, along with + the client name, time and microsecond fields from the Authenticator + match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is + returned (Note that the rejection here is restricted to + authenticators from the same principal to the same server. Other + client principals communicating with the same server principal should + not be have their authenticators rejected if the time and microsecond + fields happen to match some other client's authenticator.). The + server must remember any authenticator presented within the allowable + clock skew, so that a replay attempt is guaranteed to fail. If a + server loses track of any authenticator presented within the + allowable clock skew, it must reject all requests until the clock + skew interval has passed. This assures that any lost or re-played + authenticators will fall outside the allowable clock skew and can no + longer be successfully replayed (If this is not done, an attacker + could conceivably record the ticket and authenticator sent over the + network to a server, then disable the client's host, pose as the + disabled host, and replay the ticket and authenticator to subvert the + authentication.). If a sequence number is provided in the + authenticator, the server saves it for later use in processing + KRB_SAFE and/or KRB_PRIV messages. If a subkey is present, the + server either saves it for later use or uses it to help generate its + own choice for a subkey to be returned in a KRB_AP_REP message. + + + + +Kohl & Neuman [Page 22] + +RFC 1510 Kerberos September 1993 + + + The server computes the age of the ticket: local (server) time minus + the start time inside the Ticket. If the start time is later than + the current time by more than the allowable clock skew or if the + INVALID flag is set in the ticket, the KRB_AP_ERR_TKT_NYV error is + returned. Otherwise, if the current time is later than end time by + more than the allowable clock skew, the KRB_AP_ERR_TKT_EXPIRED error + is returned. + + If all these checks succeed without an error, the server is assured + that the client possesses the credentials of the principal named in + the ticket and thus, the client has been authenticated to the server. + See section A.10 for pseudocode. + +3.2.4. Generation of a KRB_AP_REP message + + Typically, a client's request will include both the authentication + information and its initial request in the same message, and the + server need not explicitly reply to the KRB_AP_REQ. However, if + mutual authentication (not only authenticating the client to the + server, but also the server to the client) is being performed, the + KRB_AP_REQ message will have MUTUAL-REQUIRED set in its ap-options + field, and a KRB_AP_REP message is required in response. As with the + error message, this message may be encapsulated in the application + protocol if its "raw" form is not acceptable to the application's + protocol. The timestamp and microsecond field used in the reply must + be the client's timestamp and microsecond field (as provided in the + authenticator). [Note: In the Kerberos version 4 protocol, the + timestamp in the reply was the client's timestamp plus one. This is + not necessary in version 5 because version 5 messages are formatted + in such a way that it is not possible to create the reply by + judicious message surgery (even in encrypted form) without knowledge + of the appropriate encryption keys.] If a sequence number is to be + included, it should be randomly chosen as described above for the + authenticator. A subkey may be included if the server desires to + negotiate a different subkey. The KRB_AP_REP message is encrypted in + the session key extracted from the ticket. See section A.11 for + pseudocode. + +3.2.5. Receipt of KRB_AP_REP message + + If a KRB_AP_REP message is returned, the client uses the session key + from the credentials obtained for the server (Note that for + encrypting the KRB_AP_REP message, the sub-session key is not used, + even if present in the Authenticator.) to decrypt the message, and + verifies that the timestamp and microsecond fields match those in the + Authenticator it sent to the server. If they match, then the client + is assured that the server is genuine. The sequence number and subkey + (if present) are retained for later use. See section A.12 for + + + +Kohl & Neuman [Page 23] + +RFC 1510 Kerberos September 1993 + + + pseudocode. + +3.2.6. Using the encryption key + + After the KRB_AP_REQ/KRB_AP_REP exchange has occurred, the client and + server share an encryption key which can be used by the application. + The "true session key" to be used for KRB_PRIV, KRB_SAFE, or other + application-specific uses may be chosen by the application based on + the subkeys in the KRB_AP_REP message and the authenticator + (Implementations of the protocol may wish to provide routines to + choose subkeys based on session keys and random numbers and to + orchestrate a negotiated key to be returned in the KRB_AP_REP + message.). In some cases, the use of this session key will be + implicit in the protocol; in others the method of use must be chosen + from a several alternatives. We leave the protocol negotiations of + how to use the key (e.g., selecting an encryption or checksum type) + to the application programmer; the Kerberos protocol does not + constrain the implementation options. + + With both the one-way and mutual authentication exchanges, the peers + should take care not to send sensitive information to each other + without proper assurances. In particular, applications that require + privacy or integrity should use the KRB_AP_REP or KRB_ERROR responses + from the server to client to assure both client and server of their + peer's identity. If an application protocol requires privacy of its + messages, it can use the KRB_PRIV message (section 3.5). The KRB_SAFE + message (section 3.4) can be used to assure integrity. + +3.3. The Ticket-Granting Service (TGS) Exchange + + Summary + + Message direction Message type Section + 1. Client to Kerberos KRB_TGS_REQ 5.4.1 + 2. Kerberos to client KRB_TGS_REP or 5.4.2 + KRB_ERROR 5.9.1 + + The TGS exchange between a client and the Kerberos Ticket-Granting + Server is initiated by a client when it wishes to obtain + authentication credentials for a given server (which might be + registered in a remote realm), when it wishes to renew or validate an + existing ticket, or when it wishes to obtain a proxy ticket. In the + first case, the client must already have acquired a ticket for the + Ticket-Granting Service using the AS exchange (the ticket-granting + ticket is usually obtained when a client initially authenticates to + the system, such as when a user logs in). The message format for the + TGS exchange is almost identical to that for the AS exchange. The + primary difference is that encryption and decryption in the TGS + + + +Kohl & Neuman [Page 24] + +RFC 1510 Kerberos September 1993 + + + exchange does not take place under the client's key. Instead, the + session key from the ticket-granting ticket or renewable ticket, or + sub-session key from an Authenticator is used. As is the case for + all application servers, expired tickets are not accepted by the TGS, + so once a renewable or ticket-granting ticket expires, the client + must use a separate exchange to obtain valid tickets. + + The TGS exchange consists of two messages: A request (KRB_TGS_REQ) + from the client to the Kerberos Ticket-Granting Server, and a reply + (KRB_TGS_REP or KRB_ERROR). The KRB_TGS_REQ message includes + information authenticating the client plus a request for credentials. + The authentication information consists of the authentication header + (KRB_AP_REQ) which includes the client's previously obtained ticket- + granting, renewable, or invalid ticket. In the ticket-granting + ticket and proxy cases, the request may include one or more of: a + list of network addresses, a collection of typed authorization data + to be sealed in the ticket for authorization use by the application + server, or additional tickets (the use of which are described later). + The TGS reply (KRB_TGS_REP) contains the requested credentials, + encrypted in the session key from the ticket-granting ticket or + renewable ticket, or if present, in the subsession key from the + Authenticator (part of the authentication header). The KRB_ERROR + message contains an error code and text explaining what went wrong. + The KRB_ERROR message is not encrypted. The KRB_TGS_REP message + contains information which can be used to detect replays, and to + associate it with the message to which it replies. The KRB_ERROR + message also contains information which can be used to associate it + with the message to which it replies, but the lack of encryption in + the KRB_ERROR message precludes the ability to detect replays or + fabrications of such messages. + +3.3.1. Generation of KRB_TGS_REQ message + + Before sending a request to the ticket-granting service, the client + must determine in which realm the application server is registered + [Note: This can be accomplished in several ways. It might be known + beforehand (since the realm is part of the principal identifier), or + it might be stored in a nameserver. Presently, however, this + information is obtained from a configuration file. If the realm to + be used is obtained from a nameserver, there is a danger of being + spoofed if the nameservice providing the realm name is not + authenticated. This might result in the use of a realm which has + been compromised, and would result in an attacker's ability to + compromise the authentication of the application server to the + client.]. If the client does not already possess a ticket-granting + ticket for the appropriate realm, then one must be obtained. This is + first attempted by requesting a ticket-granting ticket for the + destination realm from the local Kerberos server (using the + + + +Kohl & Neuman [Page 25] + +RFC 1510 Kerberos September 1993 + + + KRB_TGS_REQ message recursively). The Kerberos server may return a + TGT for the desired realm in which case one can proceed. + Alternatively, the Kerberos server may return a TGT for a realm which + is "closer" to the desired realm (further along the standard + hierarchical path), in which case this step must be repeated with a + Kerberos server in the realm specified in the returned TGT. If + neither are returned, then the request must be retried with a + Kerberos server for a realm higher in the hierarchy. This request + will itself require a ticket-granting ticket for the higher realm + which must be obtained by recursively applying these directions. + + Once the client obtains a ticket-granting ticket for the appropriate + realm, it determines which Kerberos servers serve that realm, and + contacts one. The list might be obtained through a configuration file + or network service; as long as the secret keys exchanged by realms + are kept secret, only denial of service results from a false Kerberos + server. + + As in the AS exchange, the client may specify a number of options in + the KRB_TGS_REQ message. The client prepares the KRB_TGS_REQ + message, providing an authentication header as an element of the + padata field, and including the same fields as used in the KRB_AS_REQ + message along with several optional fields: the enc-authorization- + data field for application server use and additional tickets required + by some options. + + In preparing the authentication header, the client can select a sub- + session key under which the response from the Kerberos server will be + encrypted (If the client selects a sub-session key, care must be + taken to ensure the randomness of the selected subsession key. One + approach would be to generate a random number and XOR it with the + session key from the ticket-granting ticket.). If the sub-session key + is not specified, the session key from the ticket-granting ticket + will be used. If the enc-authorization-data is present, it must be + encrypted in the sub-session key, if present, from the authenticator + portion of the authentication header, or if not present in the + session key from the ticket-granting ticket. + + Once prepared, the message is sent to a Kerberos server for the + destination realm. See section A.5 for pseudocode. + +3.3.2. Receipt of KRB_TGS_REQ message + + The KRB_TGS_REQ message is processed in a manner similar to the + KRB_AS_REQ message, but there are many additional checks to be + performed. First, the Kerberos server must determine which server + the accompanying ticket is for and it must select the appropriate key + to decrypt it. For a normal KRB_TGS_REQ message, it will be for the + + + +Kohl & Neuman [Page 26] + +RFC 1510 Kerberos September 1993 + + + ticket granting service, and the TGS's key will be used. If the TGT + was issued by another realm, then the appropriate inter-realm key + must be used. If the accompanying ticket is not a ticket granting + ticket for the current realm, but is for an application server in the + current realm, the RENEW, VALIDATE, or PROXY options are specified in + the request, and the server for which a ticket is requested is the + server named in the accompanying ticket, then the KDC will decrypt + the ticket in the authentication header using the key of the server + for which it was issued. If no ticket can be found in the padata + field, the KDC_ERR_PADATA_TYPE_NOSUPP error is returned. + + Once the accompanying ticket has been decrypted, the user-supplied + checksum in the Authenticator must be verified against the contents + of the request, and the message rejected if the checksums do not + match (with an error code of KRB_AP_ERR_MODIFIED) or if the checksum + is not keyed or not collision-proof (with an error code of + KRB_AP_ERR_INAPP_CKSUM). If the checksum type is not supported, the + KDC_ERR_SUMTYPE_NOSUPP error is returned. If the authorization-data + are present, they are decrypted using the sub-session key from the + Authenticator. + + If any of the decryptions indicate failed integrity checks, the + KRB_AP_ERR_BAD_INTEGRITY error is returned. + +3.3.3. Generation of KRB_TGS_REP message + + The KRB_TGS_REP message shares its format with the KRB_AS_REP + (KRB_KDC_REP), but with its type field set to KRB_TGS_REP. The + detailed specification is in section 5.4.2. + + The response will include a ticket for the requested server. The + Kerberos database is queried to retrieve the record for the requested + server (including the key with which the ticket will be encrypted). + If the request is for a ticket granting ticket for a remote realm, + and if no key is shared with the requested realm, then the Kerberos + server will select the realm "closest" to the requested realm with + which it does share a key, and use that realm instead. This is the + only case where the response from the KDC will be for a different + server than that requested by the client. + + By default, the address field, the client's name and realm, the list + of transited realms, the time of initial authentication, the + expiration time, and the authorization data of the newly-issued + ticket will be copied from the ticket-granting ticket (TGT) or + renewable ticket. If the transited field needs to be updated, but + the transited type is not supported, the KDC_ERR_TRTYPE_NOSUPP error + is returned. + + + + +Kohl & Neuman [Page 27] + +RFC 1510 Kerberos September 1993 + + + If the request specifies an endtime, then the endtime of the new + ticket is set to the minimum of (a) that request, (b) the endtime + from the TGT, and (c) the starttime of the TGT plus the minimum of + the maximum life for the application server and the maximum life for + the local realm (the maximum life for the requesting principal was + already applied when the TGT was issued). If the new ticket is to be + a renewal, then the endtime above is replaced by the minimum of (a) + the value of the renew_till field of the ticket and (b) the starttime + for the new ticket plus the life (endtimestarttime) of the old + ticket. + + If the FORWARDED option has been requested, then the resulting ticket + will contain the addresses specified by the client. This option will + only be honored if the FORWARDABLE flag is set in the TGT. The PROXY + option is similar; the resulting ticket will contain the addresses + specified by the client. It will be honored only if the PROXIABLE + flag in the TGT is set. The PROXY option will not be honored on + requests for additional ticket-granting tickets. + + If the requested start time is absent or indicates a time in the + past, then the start time of the ticket is set to the authentication + server's current time. If it indicates a time in the future, but the + POSTDATED option has not been specified or the MAY-POSTDATE flag is + not set in the TGT, then the error KDC_ERR_CANNOT_POSTDATE is + returned. Otherwise, if the ticket-granting ticket has the + MAYPOSTDATE flag set, then the resulting ticket will be postdated and + the requested starttime is checked against the policy of the local + realm. If acceptable, the ticket's start time is set as requested, + and the INVALID flag is set. The postdated ticket must be validated + before use by presenting it to the KDC after the starttime has been + reached. However, in no case may the starttime, endtime, or renew- + till time of a newly-issued postdated ticket extend beyond the + renew-till time of the ticket-granting ticket. + + If the ENC-TKT-IN-SKEY option has been specified and an additional + ticket has been included in the request, the KDC will decrypt the + additional ticket using the key for the server to which the + additional ticket was issued and verify that it is a ticket-granting + ticket. If the name of the requested server is missing from the + request, the name of the client in the additional ticket will be + used. Otherwise the name of the requested server will be compared to + the name of the client in the additional ticket and if different, the + request will be rejected. If the request succeeds, the session key + from the additional ticket will be used to encrypt the new ticket + that is issued instead of using the key of the server for which the + new ticket will be used (This allows easy implementation of user-to- + user authentication [6], which uses ticket-granting ticket session + keys in lieu of secret server keys in situations where such secret + + + +Kohl & Neuman [Page 28] + +RFC 1510 Kerberos September 1993 + + + keys could be easily compromised.). + + If the name of the server in the ticket that is presented to the KDC + as part of the authentication header is not that of the ticket- + granting server itself, and the server is registered in the realm of + the KDC, If the RENEW option is requested, then the KDC will verify + that the RENEWABLE flag is set in the ticket and that the renew_till + time is still in the future. If the VALIDATE option is rqeuested, + the KDC will check that the starttime has passed and the INVALID flag + is set. If the PROXY option is requested, then the KDC will check + that the PROXIABLE flag is set in the ticket. If the tests succeed, + the KDC will issue the appropriate new ticket. + + Whenever a request is made to the ticket-granting server, the + presented ticket(s) is(are) checked against a hot-list of tickets + which have been canceled. This hot-list might be implemented by + storing a range of issue dates for "suspect tickets"; if a presented + ticket had an authtime in that range, it would be rejected. In this + way, a stolen ticket-granting ticket or renewable ticket cannot be + used to gain additional tickets (renewals or otherwise) once the + theft has been reported. Any normal ticket obtained before it was + reported stolen will still be valid (because they require no + interaction with the KDC), but only until their normal expiration + time. + + The ciphertext part of the response in the KRB_TGS_REP message is + encrypted in the sub-session key from the Authenticator, if present, + or the session key key from the ticket-granting ticket. It is not + encrypted using the client's secret key. Furthermore, the client's + key's expiration date and the key version number fields are left out + since these values are stored along with the client's database + record, and that record is not needed to satisfy a request based on a + ticket-granting ticket. See section A.6 for pseudocode. + +3.3.3.1. Encoding the transited field + + If the identity of the server in the TGT that is presented to the KDC + as part of the authentication header is that of the ticket-granting + service, but the TGT was issued from another realm, the KDC will look + up the inter-realm key shared with that realm and use that key to + decrypt the ticket. If the ticket is valid, then the KDC will honor + the request, subject to the constraints outlined above in the section + describing the AS exchange. The realm part of the client's identity + will be taken from the ticket-granting ticket. The name of the realm + that issued the ticket-granting ticket will be added to the transited + field of the ticket to be issued. This is accomplished by reading + the transited field from the ticket-granting ticket (which is treated + as an unordered set of realm names), adding the new realm to the set, + + + +Kohl & Neuman [Page 29] + +RFC 1510 Kerberos September 1993 + + + then constructing and writing out its encoded (shorthand) form (this + may involve a rearrangement of the existing encoding). + + Note that the ticket-granting service does not add the name of its + own realm. Instead, its responsibility is to add the name of the + previous realm. This prevents a malicious Kerberos server from + intentionally leaving out its own name (it could, however, omit other + realms' names). + + The names of neither the local realm nor the principal's realm are to + be included in the transited field. They appear elsewhere in the + ticket and both are known to have taken part in authenticating the + principal. Since the endpoints are not included, both local and + single-hop inter-realm authentication result in a transited field + that is empty. + + Because the name of each realm transited is added to this field, + it might potentially be very long. To decrease the length of this + field, its contents are encoded. The initially supported encoding is + optimized for the normal case of inter-realm communication: a + hierarchical arrangement of realms using either domain or X.500 style + realm names. This encoding (called DOMAIN-X500-COMPRESS) is now + described. + + Realm names in the transited field are separated by a ",". The ",", + "\", trailing "."s, and leading spaces (" ") are special characters, + and if they are part of a realm name, they must be quoted in the + transited field by preceding them with a "\". + + A realm name ending with a "." is interpreted as being prepended to + the previous realm. For example, we can encode traversal of EDU, + MIT.EDU, ATHENA.MIT.EDU, WASHINGTON.EDU, and CS.WASHINGTON.EDU as: + + "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.". + + Note that if ATHENA.MIT.EDU, or CS.WASHINGTON.EDU were endpoints, + that they would not be included in this field, and we would have: + + "EDU,MIT.,WASHINGTON.EDU" + + A realm name beginning with a "/" is interpreted as being appended to + the previous realm (For the purpose of appending, the realm preceding + the first listed realm is considered to be the null realm ("")). If + it is to stand by itself, then it should be preceded by a space (" + "). For example, we can encode traversal of /COM/HP/APOLLO, /COM/HP, + /COM, and /COM/DEC as: + + "/COM,/HP,/APOLLO, /COM/DEC". + + + +Kohl & Neuman [Page 30] + +RFC 1510 Kerberos September 1993 + + + Like the example above, if /COM/HP/APOLLO and /COM/DEC are endpoints, + they they would not be included in this field, and we would have: + + "/COM,/HP" + + A null subfield preceding or following a "," indicates that all + realms between the previous realm and the next realm have been + traversed (For the purpose of interpreting null subfields, the + client's realm is considered to precede those in the transited field, + and the server's realm is considered to follow them.). Thus, "," + means that all realms along the path between the client and the + server have been traversed. ",EDU, /COM," means that that all realms + from the client's realm up to EDU (in a domain style hierarchy) have + been traversed, and that everything from /COM down to the server's + realm in an X.500 style has also been traversed. This could occur if + the EDU realm in one hierarchy shares an inter-realm key directly + with the /COM realm in another hierarchy. + +3.3.4. Receipt of KRB_TGS_REP message + + When the KRB_TGS_REP is received by the client, it is processed in + the same manner as the KRB_AS_REP processing described above. The + primary difference is that the ciphertext part of the response must + be decrypted using the session key from the ticket-granting ticket + rather than the client's secret key. See section A.7 for pseudocode. + +3.4. The KRB_SAFE Exchange + + The KRB_SAFE message may be used by clients requiring the ability to + detect modifications of messages they exchange. It achieves this by + including a keyed collisionproof checksum of the user data and some + control information. The checksum is keyed with an encryption key + (usually the last key negotiated via subkeys, or the session key if + no negotiation has occured). + +3.4.1. Generation of a KRB_SAFE message + + When an application wishes to send a KRB_SAFE message, it collects + its data and the appropriate control information and computes a + checksum over them. The checksum algorithm should be some sort of + keyed one-way hash function (such as the RSA-MD5-DES checksum + algorithm specified in section 6.4.5, or the DES MAC), generated + using the sub-session key if present, or the session key. Different + algorithms may be selected by changing the checksum type in the + message. Unkeyed or non-collision-proof checksums are not suitable + for this use. + + The control information for the KRB_SAFE message includes both a + + + +Kohl & Neuman [Page 31] + +RFC 1510 Kerberos September 1993 + + + timestamp and a sequence number. The designer of an application + using the KRB_SAFE message must choose at least one of the two + mechanisms. This choice should be based on the needs of the + application protocol. + + Sequence numbers are useful when all messages sent will be received + by one's peer. Connection state is presently required to maintain + the session key, so maintaining the next sequence number should not + present an additional problem. + + If the application protocol is expected to tolerate lost messages + without them being resent, the use of the timestamp is the + appropriate replay detection mechanism. Using timestamps is also the + appropriate mechanism for multi-cast protocols where all of one's + peers share a common sub-session key, but some messages will be sent + to a subset of one's peers. + + After computing the checksum, the client then transmits the + information and checksum to the recipient in the message format + specified in section 5.6.1. + +3.4.2. Receipt of KRB_SAFE message + + When an application receives a KRB_SAFE message, it verifies it as + follows. If any error occurs, an error code is reported for use by + the application. + + The message is first checked by verifying that the protocol version + and type fields match the current version and KRB_SAFE, respectively. + A mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE + error. The application verifies that the checksum used is a + collisionproof keyed checksum, and if it is not, a + KRB_AP_ERR_INAPP_CKSUM error is generated. The recipient verifies + that the operating system's report of the sender's address matches + the sender's address in the message, and (if a recipient address is + specified or the recipient requires an address) that one of the + recipient's addresses appears as the recipient's address in the + message. A failed match for either case generates a + KRB_AP_ERR_BADADDR error. Then the timestamp and usec and/or the + sequence number fields are checked. If timestamp and usec are + expected and not present, or they are present but not current, the + KRB_AP_ERR_SKEW error is generated. If the server name, along with + the client name, time and microsecond fields from the Authenticator + match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is + generated. If an incorrect sequence number is included, or a + sequence number is expected but not present, the KRB_AP_ERR_BADORDER + error is generated. If neither a timestamp and usec or a sequence + number is present, a KRB_AP_ERR_MODIFIED error is generated. + + + +Kohl & Neuman [Page 32] + +RFC 1510 Kerberos September 1993 + + + Finally, the checksum is computed over the data and control + information, and if it doesn't match the received checksum, a + KRB_AP_ERR_MODIFIED error is generated. + + If all the checks succeed, the application is assured that the + message was generated by its peer and was not modified in transit. + +3.5. The KRB_PRIV Exchange + + The KRB_PRIV message may be used by clients requiring confidentiality + and the ability to detect modifications of exchanged messages. It + achieves this by encrypting the messages and adding control + information. + +3.5.1. Generation of a KRB_PRIV message + + When an application wishes to send a KRB_PRIV message, it collects + its data and the appropriate control information (specified in + section 5.7.1) and encrypts them under an encryption key (usually the + last key negotiated via subkeys, or the session key if no negotiation + has occured). As part of the control information, the client must + choose to use either a timestamp or a sequence number (or both); see + the discussion in section 3.4.1 for guidelines on which to use. + After the user data and control information are encrypted, the client + transmits the ciphertext and some "envelope" information to the + recipient. + +3.5.2. Receipt of KRB_PRIV message + + When an application receives a KRB_PRIV message, it verifies it as + follows. If any error occurs, an error code is reported for use by + the application. + + The message is first checked by verifying that the protocol version + and type fields match the current version and KRB_PRIV, respectively. + A mismatch generates a KRB_AP_ERR_BADVERSION or KRB_AP_ERR_MSG_TYPE + error. The application then decrypts the ciphertext and processes + the resultant plaintext. If decryption shows the data to have been + modified, a KRB_AP_ERR_BAD_INTEGRITY error is generated. The + recipient verifies that the operating system's report of the sender's + address matches the sender's address in the message, and (if a + recipient address is specified or the recipient requires an address) + that one of the recipient's addresses appears as the recipient's + address in the message. A failed match for either case generates a + KRB_AP_ERR_BADADDR error. Then the timestamp and usec and/or the + sequence number fields are checked. If timestamp and usec are + expected and not present, or they are present but not current, the + KRB_AP_ERR_SKEW error is generated. If the server name, along with + + + +Kohl & Neuman [Page 33] + +RFC 1510 Kerberos September 1993 + + + the client name, time and microsecond fields from the Authenticator + match any recently-seen such tuples, the KRB_AP_ERR_REPEAT error is + generated. If an incorrect sequence number is included, or a + sequence number is expected but not present, the KRB_AP_ERR_BADORDER + error is generated. If neither a timestamp and usec or a sequence + number is present, a KRB_AP_ERR_MODIFIED error is generated. + + If all the checks succeed, the application can assume the message was + generated by its peer, and was securely transmitted (without + intruders able to see the unencrypted contents). + +3.6. The KRB_CRED Exchange + + The KRB_CRED message may be used by clients requiring the ability to + send Kerberos credentials from one host to another. It achieves this + by sending the tickets together with encrypted data containing the + session keys and other information associated with the tickets. + +3.6.1. Generation of a KRB_CRED message + + When an application wishes to send a KRB_CRED message it first (using + the KRB_TGS exchange) obtains credentials to be sent to the remote + host. It then constructs a KRB_CRED message using the ticket or + tickets so obtained, placing the session key needed to use each + ticket in the key field of the corresponding KrbCredInfo sequence of + the encrypted part of the the KRB_CRED message. + + Other information associated with each ticket and obtained during the + KRB_TGS exchange is also placed in the corresponding KrbCredInfo + sequence in the encrypted part of the KRB_CRED message. The current + time and, if specifically required by the application the nonce, s- + address, and raddress fields, are placed in the encrypted part of the + KRB_CRED message which is then encrypted under an encryption key + previosuly exchanged in the KRB_AP exchange (usually the last key + negotiated via subkeys, or the session key if no negotiation has + occured). + +3.6.2. Receipt of KRB_CRED message + + When an application receives a KRB_CRED message, it verifies it. If + any error occurs, an error code is reported for use by the + application. The message is verified by checking that the protocol + version and type fields match the current version and KRB_CRED, + respectively. A mismatch generates a KRB_AP_ERR_BADVERSION or + KRB_AP_ERR_MSG_TYPE error. The application then decrypts the + ciphertext and processes the resultant plaintext. If decryption shows + the data to have been modified, a KRB_AP_ERR_BAD_INTEGRITY error is + generated. + + + +Kohl & Neuman [Page 34] + +RFC 1510 Kerberos September 1993 + + + If present or required, the recipient verifies that the operating + system's report of the sender's address matches the sender's address + in the message, and that one of the recipient's addresses appears as + the recipient's address in the message. A failed match for either + case generates a KRB_AP_ERR_BADADDR error. The timestamp and usec + fields (and the nonce field if required) are checked next. If the + timestamp and usec are not present, or they are present but not + current, the KRB_AP_ERR_SKEW error is generated. + + If all the checks succeed, the application stores each of the new + tickets in its ticket cache together with the session key and other + information in the corresponding KrbCredInfo sequence from the + encrypted part of the KRB_CRED message. + +4. The Kerberos Database + + The Kerberos server must have access to a database containing the + principal identifiers and secret keys of principals to be + authenticated (The implementation of the Kerberos server need not + combine the database and the server on the same machine; it is + feasible to store the principal database in, say, a network name + service, as long as the entries stored therein are protected from + disclosure to and modification by unauthorized parties. However, we + recommend against such strategies, as they can make system management + and threat analysis quite complex.). + +4.1. Database contents + + A database entry should contain at least the following fields: + + Field Value + + name Principal's identifier + key Principal's secret key + p_kvno Principal's key version + max_life Maximum lifetime for Tickets + max_renewable_life Maximum total lifetime for renewable + Tickets + + The name field is an encoding of the principal's identifier. The key + field contains an encryption key. This key is the principal's secret + key. (The key can be encrypted before storage under a Kerberos + "master key" to protect it in case the database is compromised but + the master key is not. In that case, an extra field must be added to + indicate the master key version used, see below.) The p_kvno field is + the key version number of the principal's secret key. The max_life + field contains the maximum allowable lifetime (endtime - starttime) + for any Ticket issued for this principal. The max_renewable_life + + + +Kohl & Neuman [Page 35] + +RFC 1510 Kerberos September 1993 + + + field contains the maximum allowable total lifetime for any renewable + Ticket issued for this principal. (See section 3.1 for a description + of how these lifetimes are used in determining the lifetime of a + given Ticket.) + + A server may provide KDC service to several realms, as long as the + database representation provides a mechanism to distinguish between + principal records with identifiers which differ only in the realm + name. + + When an application server's key changes, if the change is routine + (i.e., not the result of disclosure of the old key), the old key + should be retained by the server until all tickets that had been + issued using that key have expired. Because of this, it is possible + for several keys to be active for a single principal. Ciphertext + encrypted in a principal's key is always tagged with the version of + the key that was used for encryption, to help the recipient find the + proper key for decryption. + + When more than one key is active for a particular principal, the + principal will have more than one record in the Kerberos database. + The keys and key version numbers will differ between the records (the + rest of the fields may or may not be the same). Whenever Kerberos + issues a ticket, or responds to a request for initial authentication, + the most recent key (known by the Kerberos server) will be used for + encryption. This is the key with the highest key version number. + +4.2. Additional fields + + Project Athena's KDC implementation uses additional fields in its + database: + + Field Value + + K_kvno Kerberos' key version + expiration Expiration date for entry + attributes Bit field of attributes + mod_date Timestamp of last modification + mod_name Modifying principal's identifier + + The K_kvno field indicates the key version of the Kerberos master key + under which the principal's secret key is encrypted. + + After an entry's expiration date has passed, the KDC will return an + error to any client attempting to gain tickets as or for the + principal. (A database may want to maintain two expiration dates: + one for the principal, and one for the principal's current key. This + allows password aging to work independently of the principal's + + + +Kohl & Neuman [Page 36] + +RFC 1510 Kerberos September 1993 + + + expiration date. However, due to the limited space in the responses, + the KDC must combine the key expiration and principal expiration date + into a single value called "key_exp", which is used as a hint to the + user to take administrative action.) + + The attributes field is a bitfield used to govern the operations + involving the principal. This field might be useful in conjunction + with user registration procedures, for site-specific policy + implementations (Project Athena currently uses it for their user + registration process controlled by the system-wide database service, + Moira [7]), or to identify the "string to key" conversion algorithm + used for a principal's key. (See the discussion of the padata field + in section 5.4.2 for details on why this can be useful.) Other bits + are used to indicate that certain ticket options should not be + allowed in tickets encrypted under a principal's key (one bit each): + Disallow issuing postdated tickets, disallow issuing forwardable + tickets, disallow issuing tickets based on TGT authentication, + disallow issuing renewable tickets, disallow issuing proxiable + tickets, and disallow issuing tickets for which the principal is the + server. + + The mod_date field contains the time of last modification of the + entry, and the mod_name field contains the name of the principal + which last modified the entry. + +4.3. Frequently Changing Fields + + Some KDC implementations may wish to maintain the last time that a + request was made by a particular principal. Information that might + be maintained includes the time of the last request, the time of the + last request for a ticket-granting ticket, the time of the last use + of a ticket-granting ticket, or other times. This information can + then be returned to the user in the last-req field (see section 5.2). + + Other frequently changing information that can be maintained is the + latest expiration time for any tickets that have been issued using + each key. This field would be used to indicate how long old keys + must remain valid to allow the continued use of outstanding tickets. + +4.4. Site Constants + + The KDC implementation should have the following configurable + constants or options, to allow an administrator to make and enforce + policy decisions: + + + The minimum supported lifetime (used to determine whether the + KDC_ERR_NEVER_VALID error should be returned). This constant + should reflect reasonable expectations of round-trip time to the + + + +Kohl & Neuman [Page 37] + +RFC 1510 Kerberos September 1993 + + + KDC, encryption/decryption time, and processing time by the client + and target server, and it should allow for a minimum "useful" + lifetime. + + + The maximum allowable total (renewable) lifetime of a ticket + (renew_till - starttime). + + + The maximum allowable lifetime of a ticket (endtime - starttime). + + + Whether to allow the issue of tickets with empty address fields + (including the ability to specify that such tickets may only be + issued if the request specifies some authorization_data). + + + Whether proxiable, forwardable, renewable or post-datable tickets + are to be issued. + +5. Message Specifications + + The following sections describe the exact contents and encoding of + protocol messages and objects. The ASN.1 base definitions are + presented in the first subsection. The remaining subsections specify + the protocol objects (tickets and authenticators) and messages. + Specification of encryption and checksum techniques, and the fields + related to them, appear in section 6. + +5.1. ASN.1 Distinguished Encoding Representation + + All uses of ASN.1 in Kerberos shall use the Distinguished Encoding + Representation of the data elements as described in the X.509 + specification, section 8.7 [8]. + +5.2. ASN.1 Base Definitions + + The following ASN.1 base definitions are used in the rest of this + section. Note that since the underscore character (_) is not + permitted in ASN.1 names, the hyphen (-) is used in its place for the + purposes of ASN.1 names. + + Realm ::= GeneralString + PrincipalName ::= SEQUENCE { + name-type[0] INTEGER, + name-string[1] SEQUENCE OF GeneralString + } + + Kerberos realms are encoded as GeneralStrings. Realms shall not + contain a character with the code 0 (the ASCII NUL). Most realms + will usually consist of several components separated by periods (.), + in the style of Internet Domain Names, or separated by slashes (/) in + + + +Kohl & Neuman [Page 38] + +RFC 1510 Kerberos September 1993 + + + the style of X.500 names. Acceptable forms for realm names are + specified in section 7. A PrincipalName is a typed sequence of + components consisting of the following sub-fields: + + name-type This field specifies the type of name that follows. + Pre-defined values for this field are + specified in section 7.2. The name-type should be + treated as a hint. Ignoring the name type, no two + names can be the same (i.e., at least one of the + components, or the realm, must be different). + This constraint may be eliminated in the future. + + name-string This field encodes a sequence of components that + form a name, each component encoded as a General + String. Taken together, a PrincipalName and a Realm + form a principal identifier. Most PrincipalNames + will have only a few components (typically one or two). + + KerberosTime ::= GeneralizedTime + -- Specifying UTC time zone (Z) + + The timestamps used in Kerberos are encoded as GeneralizedTimes. An + encoding shall specify the UTC time zone (Z) and shall not include + any fractional portions of the seconds. It further shall not include + any separators. Example: The only valid format for UTC time 6 + minutes, 27 seconds after 9 pm on 6 November 1985 is 19851106210627Z. + + HostAddress ::= SEQUENCE { + addr-type[0] INTEGER, + address[1] OCTET STRING + } + + HostAddresses ::= SEQUENCE OF SEQUENCE { + addr-type[0] INTEGER, + address[1] OCTET STRING + } + + + The host adddress encodings consists of two fields: + + addr-type This field specifies the type of address that + follows. Pre-defined values for this field are + specified in section 8.1. + + + address This field encodes a single address of type addr-type. + + The two forms differ slightly. HostAddress contains exactly one + + + +Kohl & Neuman [Page 39] + +RFC 1510 Kerberos September 1993 + + + address; HostAddresses contains a sequence of possibly many + addresses. + + AuthorizationData ::= SEQUENCE OF SEQUENCE { + ad-type[0] INTEGER, + ad-data[1] OCTET STRING + } + + + ad-data This field contains authorization data to be + interpreted according to the value of the + corresponding ad-type field. + + ad-type This field specifies the format for the ad-data + subfield. All negative values are reserved for + local use. Non-negative values are reserved for + registered use. + + APOptions ::= BIT STRING { + reserved(0), + use-session-key(1), + mutual-required(2) + } + + + TicketFlags ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + may-postdate(5), + postdated(6), + invalid(7), + renewable(8), + initial(9), + pre-authent(10), + hw-authent(11) + } + + KDCOptions ::= BIT STRING { + reserved(0), + forwardable(1), + forwarded(2), + proxiable(3), + proxy(4), + allow-postdate(5), + postdated(6), + + + +Kohl & Neuman [Page 40] + +RFC 1510 Kerberos September 1993 + + + unused7(7), + renewable(8), + unused9(9), + unused10(10), + unused11(11), + renewable-ok(27), + enc-tkt-in-skey(28), + renew(30), + validate(31) + } + + + LastReq ::= SEQUENCE OF SEQUENCE { + lr-type[0] INTEGER, + lr-value[1] KerberosTime + } + + lr-type This field indicates how the following lr-value + field is to be interpreted. Negative values indicate + that the information pertains only to the + responding server. Non-negative values pertain to + all servers for the realm. + + If the lr-type field is zero (0), then no information + is conveyed by the lr-value subfield. If the + absolute value of the lr-type field is one (1), + then the lr-value subfield is the time of last + initial request for a TGT. If it is two (2), then + the lr-value subfield is the time of last initial + request. If it is three (3), then the lr-value + subfield is the time of issue for the newest + ticket-granting ticket used. If it is four (4), + then the lr-value subfield is the time of the last + renewal. If it is five (5), then the lr-value + subfield is the time of last request (of any + type). + + lr-value This field contains the time of the last request. + The time must be interpreted according to the contents + of the accompanying lr-type subfield. + + See section 6 for the definitions of Checksum, ChecksumType, + EncryptedData, EncryptionKey, EncryptionType, and KeyType. + + + + + + + + +Kohl & Neuman [Page 41] + +RFC 1510 Kerberos September 1993 + + +5.3. Tickets and Authenticators + + This section describes the format and encryption parameters for + tickets and authenticators. When a ticket or authenticator is + included in a protocol message it is treated as an opaque object. + +5.3.1. Tickets + + A ticket is a record that helps a client authenticate to a service. + A Ticket contains the following information: + +Ticket ::= [APPLICATION 1] SEQUENCE { + tkt-vno[0] INTEGER, + realm[1] Realm, + sname[2] PrincipalName, + enc-part[3] EncryptedData +} +-- Encrypted part of ticket +EncTicketPart ::= [APPLICATION 3] SEQUENCE { + flags[0] TicketFlags, + key[1] EncryptionKey, + crealm[2] Realm, + cname[3] PrincipalName, + transited[4] TransitedEncoding, + authtime[5] KerberosTime, + starttime[6] KerberosTime OPTIONAL, + endtime[7] KerberosTime, + renew-till[8] KerberosTime OPTIONAL, + caddr[9] HostAddresses OPTIONAL, + authorization-data[10] AuthorizationData OPTIONAL +} +-- encoded Transited field +TransitedEncoding ::= SEQUENCE { + tr-type[0] INTEGER, -- must be registered + contents[1] OCTET STRING +} + + The encoding of EncTicketPart is encrypted in the key shared by + Kerberos and the end server (the server's secret key). See section 6 + for the format of the ciphertext. + + tkt-vno This field specifies the version number for the ticket + format. This document describes version number 5. + + realm This field specifies the realm that issued a ticket. It + also serves to identify the realm part of the server's + principal identifier. Since a Kerberos server can only + issue tickets for servers within its realm, the two will + + + +Kohl & Neuman [Page 42] + +RFC 1510 Kerberos September 1993 + + + always be identical. + + sname This field specifies the name part of the server's + identity. + + enc-part This field holds the encrypted encoding of the + EncTicketPart sequence. + + flags This field indicates which of various options were used or + requested when the ticket was issued. It is a bit-field, + where the selected options are indicated by the bit being + set (1), and the unselected options and reserved fields + being reset (0). Bit 0 is the most significant bit. The + encoding of the bits is specified in section 5.2. The + flags are described in more detail above in section 2. The + meanings of the flags are: + + Bit(s) Name Description + + 0 RESERVED Reserved for future expansion of this + field. + + 1 FORWARDABLE The FORWARDABLE flag is normally only + interpreted by the TGS, and can be + ignored by end servers. When set, + this flag tells the ticket-granting + server that it is OK to issue a new + ticket- granting ticket with a + different network address based on + the presented ticket. + + 2 FORWARDED When set, this flag indicates that + the ticket has either been forwarded + or was issued based on authentication + involving a forwarded ticket-granting + ticket. + + 3 PROXIABLE The PROXIABLE flag is normally only + interpreted by the TGS, and can be + ignored by end servers. The PROXIABLE + flag has an interpretation identical + to that of the FORWARDABLE flag, + except that the PROXIABLE flag tells + the ticket-granting server that only + non- ticket-granting tickets may be + issued with different network + addresses. + + + + +Kohl & Neuman [Page 43] + +RFC 1510 Kerberos September 1993 + + + 4 PROXY When set, this flag indicates that a + ticket is a proxy. + + 5 MAY-POSTDATE The MAY-POSTDATE flag is normally + only interpreted by the TGS, and can + be ignored by end servers. This flag + tells the ticket-granting server that + a post- dated ticket may be issued + based on this ticket-granting ticket. + + 6 POSTDATED This flag indicates that this ticket + has been postdated. The end-service + can check the authtime field to see + when the original authentication + occurred. + + 7 INVALID This flag indicates that a ticket is + invalid, and it must be validated by + the KDC before use. Application + servers must reject tickets which + have this flag set. + + 8 RENEWABLE The RENEWABLE flag is normally only + interpreted by the TGS, and can + usually be ignored by end servers + (some particularly careful servers + may wish to disallow renewable + tickets). A renewable ticket can be + used to obtain a replacement ticket + that expires at a later date. + + 9 INITIAL This flag indicates that this ticket + was issued using the AS protocol, and + not issued based on a ticket-granting + ticket. + + 10 PRE-AUTHENT This flag indicates that during + initial authentication, the client + was authenticated by the KDC before a + ticket was issued. The strength of + the preauthentication method is not + indicated, but is acceptable to the + KDC. + + 11 HW-AUTHENT This flag indicates that the protocol + employed for initial authentication + required the use of hardware expected + to be possessed solely by the named + + + +Kohl & Neuman [Page 44] + +RFC 1510 Kerberos September 1993 + + + client. The hardware authentication + method is selected by the KDC and the + strength of the method is not + indicated. + + 12-31 RESERVED Reserved for future use. + + key This field exists in the ticket and the KDC response and is + used to pass the session key from Kerberos to the + application server and the client. The field's encoding is + described in section 6.2. + + crealm This field contains the name of the realm in which the + client is registered and in which initial authentication + took place. + + cname This field contains the name part of the client's principal + identifier. + + transited This field lists the names of the Kerberos realms that took + part in authenticating the user to whom this ticket was + issued. It does not specify the order in which the realms + were transited. See section 3.3.3.1 for details on how + this field encodes the traversed realms. + + authtime This field indicates the time of initial authentication for + the named principal. It is the time of issue for the + original ticket on which this ticket is based. It is + included in the ticket to provide additional information to + the end service, and to provide the necessary information + for implementation of a `hot list' service at the KDC. An + end service that is particularly paranoid could refuse to + accept tickets for which the initial authentication + occurred "too far" in the past. + + This field is also returned as part of the response from + the KDC. When returned as part of the response to initial + authentication (KRB_AS_REP), this is the current time on + the Kerberos server (It is NOT recommended that this time + value be used to adjust the workstation's clock since the + workstation cannot reliably determine that such a + KRB_AS_REP actually came from the proper KDC in a timely + manner.). + + starttime This field in the ticket specifies the time after which the + ticket is valid. Together with endtime, this field + specifies the life of the ticket. If it is absent from + the ticket, its value should be treated as that of the + + + +Kohl & Neuman [Page 45] + +RFC 1510 Kerberos September 1993 + + + authtime field. + + endtime This field contains the time after which the ticket will + not be honored (its expiration time). Note that individual + services may place their own limits on the life of a ticket + and may reject tickets which have not yet expired. As + such, this is really an upper bound on the expiration time + for the ticket. + + renew-till This field is only present in tickets that have the + RENEWABLE flag set in the flags field. It indicates the + maximum endtime that may be included in a renewal. It can + be thought of as the absolute expiration time for the + ticket, including all renewals. + + caddr This field in a ticket contains zero (if omitted) or more + (if present) host addresses. These are the addresses from + which the ticket can be used. If there are no addresses, + the ticket can be used from any location. The decision + by the KDC to issue or by the end server to accept zero- + address tickets is a policy decision and is left to the + Kerberos and end-service administrators; they may refuse to + issue or accept such tickets. The suggested and default + policy, however, is that such tickets will only be issued + or accepted when additional information that can be used to + restrict the use of the ticket is included in the + authorization_data field. Such a ticket is a capability. + + Network addresses are included in the ticket to make it + harder for an attacker to use stolen credentials. Because + the session key is not sent over the network in cleartext, + credentials can't be stolen simply by listening to the + network; an attacker has to gain access to the session key + (perhaps through operating system security breaches or a + careless user's unattended session) to make use of stolen + tickets. + + It is important to note that the network address from which + a connection is received cannot be reliably determined. + Even if it could be, an attacker who has compromised the + client's workstation could use the credentials from there. + Including the network addresses only makes it more + difficult, not impossible, for an attacker to walk off with + stolen credentials and then use them from a "safe" + location. + + + + + + +Kohl & Neuman [Page 46] + +RFC 1510 Kerberos September 1993 + + + authorization-data The authorization-data field is used to pass + authorization data from the principal on whose behalf a + ticket was issued to the application service. If no + authorization data is included, this field will be left + out. The data in this field are specific to the end + service. It is expected that the field will contain the + names of service specific objects, and the rights to those + objects. The format for this field is described in section + 5.2. Although Kerberos is not concerned with the format of + the contents of the subfields, it does carry type + information (ad-type). + + By using the authorization_data field, a principal is able + to issue a proxy that is valid for a specific purpose. For + example, a client wishing to print a file can obtain a file + server proxy to be passed to the print server. By + specifying the name of the file in the authorization_data + field, the file server knows that the print server can only + use the client's rights when accessing the particular file + to be printed. + + It is interesting to note that if one specifies the + authorization-data field of a proxy and leaves the host + addresses blank, the resulting ticket and session key can + be treated as a capability. See [9] for some suggested + uses of this field. + + The authorization-data field is optional and does not have + to be included in a ticket. + +5.3.2. Authenticators + + An authenticator is a record sent with a ticket to a server to + certify the client's knowledge of the encryption key in the ticket, + to help the server detect replays, and to help choose a "true session + key" to use with the particular session. The encoding is encrypted + in the ticket's session key shared by the client and the server: + +-- Unencrypted authenticator +Authenticator ::= [APPLICATION 2] SEQUENCE { + authenticator-vno[0] INTEGER, + crealm[1] Realm, + cname[2] PrincipalName, + cksum[3] Checksum OPTIONAL, + cusec[4] INTEGER, + ctime[5] KerberosTime, + subkey[6] EncryptionKey OPTIONAL, + seq-number[7] INTEGER OPTIONAL, + + + +Kohl & Neuman [Page 47] + +RFC 1510 Kerberos September 1993 + + + authorization-data[8] AuthorizationData OPTIONAL + } + + authenticator-vno This field specifies the version number for the + format of the authenticator. This document specifies + version 5. + + crealm and cname These fields are the same as those described for the + ticket in section 5.3.1. + + cksum This field contains a checksum of the the application data + that accompanies the KRB_AP_REQ. + + cusec This field contains the microsecond part of the client's + timestamp. Its value (before encryption) ranges from 0 to + 999999. It often appears along with ctime. The two fields + are used together to specify a reasonably accurate + timestamp. + + ctime This field contains the current time on the client's host. + + subkey This field contains the client's choice for an encryption + key which is to be used to protect this specific + application session. Unless an application specifies + otherwise, if this field is left out the session key from + the ticket will be used. + + seq-number This optional field includes the initial sequence number + to be used by the KRB_PRIV or KRB_SAFE messages when + sequence numbers are used to detect replays (It may also be + used by application specific messages). When included in + the authenticator this field specifies the initial sequence + number for messages from the client to the server. When + included in the AP-REP message, the initial sequence number + is that for messages from the server to the client. When + used in KRB_PRIV or KRB_SAFE messages, it is incremented by + one after each message is sent. + + For sequence numbers to adequately support the detection of + replays they should be non-repeating, even across + connection boundaries. The initial sequence number should + be random and uniformly distributed across the full space + of possible sequence numbers, so that it cannot be guessed + by an attacker and so that it and the successive sequence + numbers do not repeat other sequences. + + + + + + +Kohl & Neuman [Page 48] + +RFC 1510 Kerberos September 1993 + + + authorization-data This field is the same as described for the ticket + in section 5.3.1. It is optional and will only appear when + additional restrictions are to be placed on the use of a + ticket, beyond those carried in the ticket itself. + +5.4. Specifications for the AS and TGS exchanges + + This section specifies the format of the messages used in exchange + between the client and the Kerberos server. The format of possible + error messages appears in section 5.9.1. + +5.4.1. KRB_KDC_REQ definition + + The KRB_KDC_REQ message has no type of its own. Instead, its type is + one of KRB_AS_REQ or KRB_TGS_REQ depending on whether the request is + for an initial ticket or an additional ticket. In either case, the + message is sent from the client to the Authentication Server to + request credentials for a service. + +The message fields are: + +AS-REQ ::= [APPLICATION 10] KDC-REQ +TGS-REQ ::= [APPLICATION 12] KDC-REQ + +KDC-REQ ::= SEQUENCE { + pvno[1] INTEGER, + msg-type[2] INTEGER, + padata[3] SEQUENCE OF PA-DATA OPTIONAL, + req-body[4] KDC-REQ-BODY +} + +PA-DATA ::= SEQUENCE { + padata-type[1] INTEGER, + padata-value[2] OCTET STRING, + -- might be encoded AP-REQ +} + +KDC-REQ-BODY ::= SEQUENCE { + kdc-options[0] KDCOptions, + cname[1] PrincipalName OPTIONAL, + -- Used only in AS-REQ + realm[2] Realm, -- Server's realm + -- Also client's in AS-REQ + sname[3] PrincipalName OPTIONAL, + from[4] KerberosTime OPTIONAL, + till[5] KerberosTime, + rtime[6] KerberosTime OPTIONAL, + nonce[7] INTEGER, + + + +Kohl & Neuman [Page 49] + +RFC 1510 Kerberos September 1993 + + + etype[8] SEQUENCE OF INTEGER, -- EncryptionType, + -- in preference order + addresses[9] HostAddresses OPTIONAL, + enc-authorization-data[10] EncryptedData OPTIONAL, + -- Encrypted AuthorizationData encoding + additional-tickets[11] SEQUENCE OF Ticket OPTIONAL +} + + The fields in this message are: + + pvno This field is included in each message, and specifies the + protocol version number. This document specifies protocol + version 5. + + msg-type This field indicates the type of a protocol message. It + will almost always be the same as the application + identifier associated with a message. It is included to + make the identifier more readily accessible to the + application. For the KDC-REQ message, this type will be + KRB_AS_REQ or KRB_TGS_REQ. + + padata The padata (pre-authentication data) field contains a of + authentication information which may be needed before + credentials can be issued or decrypted. In the case of + requests for additional tickets (KRB_TGS_REQ), this field + will include an element with padata-type of PA-TGS-REQ and + data of an authentication header (ticket-granting ticket + and authenticator). The checksum in the authenticator + (which must be collisionproof) is to be computed over the + KDC-REQ-BODY encoding. In most requests for initial + authentication (KRB_AS_REQ) and most replies (KDC-REP), the + padata field will be left out. + + This field may also contain information needed by certain + extensions to the Kerberos protocol. For example, it might + be used to initially verify the identity of a client before + any response is returned. This is accomplished with a + padata field with padata-type equal to PA-ENC-TIMESTAMP and + padata-value defined as follows: + + padata-type ::= PA-ENC-TIMESTAMP + padata-value ::= EncryptedData -- PA-ENC-TS-ENC + + PA-ENC-TS-ENC ::= SEQUENCE { + patimestamp[0] KerberosTime, -- client's time + pausec[1] INTEGER OPTIONAL + } + + + + +Kohl & Neuman [Page 50] + +RFC 1510 Kerberos September 1993 + + + with patimestamp containing the client's time and pausec + containing the microseconds which may be omitted if a + client will not generate more than one request per second. + The ciphertext (padata-value) consists of the PA-ENC-TS-ENC + sequence, encrypted using the client's secret key. + + The padata field can also contain information needed to + help the KDC or the client select the key needed for + generating or decrypting the response. This form of the + padata is useful for supporting the use of certain + "smartcards" with Kerberos. The details of such extensions + are beyond the scope of this specification. See [10] for + additional uses of this field. + + padata-type The padata-type element of the padata field indicates the + way that the padata-value element is to be interpreted. + Negative values of padata-type are reserved for + unregistered use; non-negative values are used for a + registered interpretation of the element type. + + req-body This field is a placeholder delimiting the extent of the + remaining fields. If a checksum is to be calculated over + the request, it is calculated over an encoding of the KDC- + REQ-BODY sequence which is enclosed within the req-body + field. + + kdc-options This field appears in the KRB_AS_REQ and KRB_TGS_REQ + requests to the KDC and indicates the flags that the client + wants set on the tickets as well as other information that + is to modify the behavior of the KDC. Where appropriate, + the name of an option may be the same as the flag that is + set by that option. Although in most case, the bit in the + options field will be the same as that in the flags field, + this is not guaranteed, so it is not acceptable to simply + copy the options field to the flags field. There are + various checks that must be made before honoring an option + anyway. + + The kdc_options field is a bit-field, where the selected + options are indicated by the bit being set (1), and the + unselected options and reserved fields being reset (0). + The encoding of the bits is specified in section 5.2. The + options are described in more detail above in section 2. + The meanings of the options are: + + + + + + + +Kohl & Neuman [Page 51] + +RFC 1510 Kerberos September 1993 + + + Bit(s) Name Description + + 0 RESERVED Reserved for future expansion of this + field. + + 1 FORWARDABLE The FORWARDABLE option indicates that + the ticket to be issued is to have its + forwardable flag set. It may only be + set on the initial request, or in a + subsequent request if the ticket- + granting ticket on which it is based + is also forwardable. + + 2 FORWARDED The FORWARDED option is only specified + in a request to the ticket-granting + server and will only be honored if the + ticket-granting ticket in the request + has its FORWARDABLE bit set. This + option indicates that this is a + request for forwarding. The + address(es) of the host from which the + resulting ticket is to be valid are + included in the addresses field of the + request. + + + 3 PROXIABLE The PROXIABLE option indicates that + the ticket to be issued is to have its + proxiable flag set. It may only be set + on the initial request, or in a + subsequent request if the ticket- + granting ticket on which it is based + is also proxiable. + + 4 PROXY The PROXY option indicates that this + is a request for a proxy. This option + will only be honored if the ticket- + granting ticket in the request has its + PROXIABLE bit set. The address(es) of + the host from which the resulting + ticket is to be valid are included in + the addresses field of the request. + + 5 ALLOW-POSTDATE The ALLOW-POSTDATE option indicates + that the ticket to be issued is to + have its MAY-POSTDATE flag set. It + may only be set on the initial + request, or in a subsequent request if + + + +Kohl & Neuman [Page 52] + +RFC 1510 Kerberos September 1993 + + + the ticket-granting ticket on which it + is based also has its MAY-POSTDATE + flag set. + + 6 POSTDATED The POSTDATED option indicates that + this is a request for a postdated + ticket. This option will only be + honored if the ticket-granting ticket + on which it is based has its MAY- + POSTDATE flag set. The resulting + ticket will also have its INVALID flag + set, and that flag may be reset by a + subsequent request to the KDC after + the starttime in the ticket has been + reached. + + 7 UNUSED This option is presently unused. + + 8 RENEWABLE The RENEWABLE option indicates that + the ticket to be issued is to have its + RENEWABLE flag set. It may only be + set on the initial request, or when + the ticket-granting ticket on which + the request is based is also + renewable. If this option is + requested, then the rtime field in the + request contains the desired absolute + expiration time for the ticket. + + 9-26 RESERVED Reserved for future use. + + 27 RENEWABLE-OK The RENEWABLE-OK option indicates that + a renewable ticket will be acceptable + if a ticket with the requested life + cannot otherwise be provided. If a + ticket with the requested life cannot + be provided, then a renewable ticket + may be issued with a renew-till equal + to the the requested endtime. The + value of the renew-till field may + still be limited by local limits, or + limits selected by the individual + principal or server. + + 28 ENC-TKT-IN-SKEY This option is used only by the + ticket-granting service. The ENC- + TKT-IN-SKEY option indicates that the + ticket for the end server is to be + + + +Kohl & Neuman [Page 53] + +RFC 1510 Kerberos September 1993 + + + encrypted in the session key from the + additional ticket-granting ticket + provided. + + 29 RESERVED Reserved for future use. + + 30 RENEW This option is used only by the + ticket-granting service. The RENEW + option indicates that the present + request is for a renewal. The ticket + provided is encrypted in the secret + key for the server on which it is + valid. This option will only be + honored if the ticket to be renewed + has its RENEWABLE flag set and if the + time in its renew till field has not + passed. The ticket to be renewed is + passed in the padata field as part of + the authentication header. + + 31 VALIDATE This option is used only by the + ticket-granting service. The VALIDATE + option indicates that the request is + to validate a postdated ticket. It + will only be honored if the ticket + presented is postdated, presently has + its INVALID flag set, and would be + otherwise usable at this time. A + ticket cannot be validated before its + starttime. The ticket presented for + validation is encrypted in the key of + the server for which it is valid and + is passed in the padata field as part + of the authentication header. + + cname and sname These fields are the same as those described for the + ticket in section 5.3.1. sname may only be absent when the + ENC-TKT-IN-SKEY option is specified. If absent, the name + of the server is taken from the name of the client in the + ticket passed as additional-tickets. + + enc-authorization-data The enc-authorization-data, if present (and it + can only be present in the TGS_REQ form), is an encoding of + the desired authorization-data encrypted under the sub- + session key if present in the Authenticator, or + alternatively from the session key in the ticket-granting + ticket, both from the padata field in the KRB_AP_REQ. + + + + +Kohl & Neuman [Page 54] + +RFC 1510 Kerberos September 1993 + + + realm This field specifies the realm part of the server's + principal identifier. In the AS exchange, this is also the + realm part of the client's principal identifier. + + from This field is included in the KRB_AS_REQ and KRB_TGS_REQ + ticket requests when the requested ticket is to be + postdated. It specifies the desired start time for the + requested ticket. + + till This field contains the expiration date requested by the + client in a ticket request. + + rtime This field is the requested renew-till time sent from a + client to the KDC in a ticket request. It is optional. + + nonce This field is part of the KDC request and response. It it + intended to hold a random number generated by the client. + If the same number is included in the encrypted response + from the KDC, it provides evidence that the response is + fresh and has not been replayed by an attacker. Nonces + must never be re-used. Ideally, it should be gen erated + randomly, but if the correct time is known, it may suffice + (Note, however, that if the time is used as the nonce, one + must make sure that the workstation time is monotonically + increasing. If the time is ever reset backwards, there is + a small, but finite, probability that a nonce will be + reused.). + + etype This field specifies the desired encryption algorithm to be + used in the response. + + addresses This field is included in the initial request for tickets, + and optionally included in requests for additional tickets + from the ticket-granting server. It specifies the + addresses from which the requested ticket is to be valid. + Normally it includes the addresses for the client's host. + If a proxy is requested, this field will contain other + addresses. The contents of this field are usually copied + by the KDC into the caddr field of the resulting ticket. + + additional-tickets Additional tickets may be optionally included in a + request to the ticket-granting server. If the ENC-TKT-IN- + SKEY option has been specified, then the session key from + the additional ticket will be used in place of the server's + key to encrypt the new ticket. If more than one option + which requires additional tickets has been specified, then + the additional tickets are used in the order specified by + the ordering of the options bits (see kdc-options, above). + + + +Kohl & Neuman [Page 55] + +RFC 1510 Kerberos September 1993 + + + The application code will be either ten (10) or twelve (12) depending + on whether the request is for an initial ticket (AS-REQ) or for an + additional ticket (TGS-REQ). + + The optional fields (addresses, authorization-data and additional- + tickets) are only included if necessary to perform the operation + specified in the kdc-options field. + + It should be noted that in KRB_TGS_REQ, the protocol version number + appears twice and two different message types appear: the KRB_TGS_REQ + message contains these fields as does the authentication header + (KRB_AP_REQ) that is passed in the padata field. + +5.4.2. KRB_KDC_REP definition + + The KRB_KDC_REP message format is used for the reply from the KDC for + either an initial (AS) request or a subsequent (TGS) request. There + is no message type for KRB_KDC_REP. Instead, the type will be either + KRB_AS_REP or KRB_TGS_REP. The key used to encrypt the ciphertext + part of the reply depends on the message type. For KRB_AS_REP, the + ciphertext is encrypted in the client's secret key, and the client's + key version number is included in the key version number for the + encrypted data. For KRB_TGS_REP, the ciphertext is encrypted in the + sub-session key from the Authenticator, or if absent, the session key + from the ticket-granting ticket used in the request. In that case, + no version number will be present in the EncryptedData sequence. + + The KRB_KDC_REP message contains the following fields: + + AS-REP ::= [APPLICATION 11] KDC-REP + TGS-REP ::= [APPLICATION 13] KDC-REP + + KDC-REP ::= SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + padata[2] SEQUENCE OF PA-DATA OPTIONAL, + crealm[3] Realm, + cname[4] PrincipalName, + ticket[5] Ticket, + enc-part[6] EncryptedData + } + + EncASRepPart ::= [APPLICATION 25[25]] EncKDCRepPart + EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart + + EncKDCRepPart ::= SEQUENCE { + key[0] EncryptionKey, + last-req[1] LastReq, + + + +Kohl & Neuman [Page 56] + +RFC 1510 Kerberos September 1993 + + + nonce[2] INTEGER, + key-expiration[3] KerberosTime OPTIONAL, + flags[4] TicketFlags, + authtime[5] KerberosTime, + starttime[6] KerberosTime OPTIONAL, + endtime[7] KerberosTime, + renew-till[8] KerberosTime OPTIONAL, + srealm[9] Realm, + sname[10] PrincipalName, + caddr[11] HostAddresses OPTIONAL + } + + NOTE: In EncASRepPart, the application code in the encrypted + part of a message provides an additional check that + the message was decrypted properly. + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is either KRB_AS_REP or KRB_TGS_REP. + + padata This field is described in detail in section 5.4.1. One + possible use for this field is to encode an alternate + "mix-in" string to be used with a string-to-key algorithm + (such as is described in section 6.3.2). This ability is + useful to ease transitions if a realm name needs to change + (e.g., when a company is acquired); in such a case all + existing password-derived entries in the KDC database would + be flagged as needing a special mix-in string until the + next password change. + + crealm, cname, srealm and sname These fields are the same as those + described for the ticket in section 5.3.1. + + ticket The newly-issued ticket, from section 5.3.1. + + enc-part This field is a place holder for the ciphertext and related + information that forms the encrypted part of a message. + The description of the encrypted part of the message + follows each appearance of this field. The encrypted part + is encoded as described in section 6.1. + + key This field is the same as described for the ticket in + section 5.3.1. + + last-req This field is returned by the KDC and specifies the time(s) + of the last request by a principal. Depending on what + information is available, this might be the last time that + a request for a ticket-granting ticket was made, or the + last time that a request based on a ticket-granting ticket + + + +Kohl & Neuman [Page 57] + +RFC 1510 Kerberos September 1993 + + + was successful. It also might cover all servers for a + realm, or just the particular server. Some implementations + may display this information to the user to aid in + discovering unauthorized use of one's identity. It is + similar in spirit to the last login time displayed when + logging into timesharing systems. + + nonce This field is described above in section 5.4.1. + + key-expiration The key-expiration field is part of the response from + the KDC and specifies the time that the client's secret key + is due to expire. The expiration might be the result of + password aging or an account expiration. This field will + usually be left out of the TGS reply since the response to + the TGS request is encrypted in a session key and no client + information need be retrieved from the KDC database. It is + up to the application client (usually the login program) to + take appropriate action (such as notifying the user) if the + expira tion time is imminent. + + flags, authtime, starttime, endtime, renew-till and caddr These + fields are duplicates of those found in the encrypted + portion of the attached ticket (see section 5.3.1), + provided so the client may verify they match the intended + request and to assist in proper ticket caching. If the + message is of type KRB_TGS_REP, the caddr field will only + be filled in if the request was for a proxy or forwarded + ticket, or if the user is substituting a subset of the + addresses from the ticket granting ticket. If the client- + requested addresses are not present or not used, then the + addresses contained in the ticket will be the same as those + included in the ticket-granting ticket. + +5.5. Client/Server (CS) message specifications + + This section specifies the format of the messages used for the + authentication of the client to the application server. + +5.5.1. KRB_AP_REQ definition + + The KRB_AP_REQ message contains the Kerberos protocol version number, + the message type KRB_AP_REQ, an options field to indicate any options + in use, and the ticket and authenticator themselves. The KRB_AP_REQ + message is often referred to as the "authentication header". + + AP-REQ ::= [APPLICATION 14] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + + + +Kohl & Neuman [Page 58] + +RFC 1510 Kerberos September 1993 + + + ap-options[2] APOptions, + ticket[3] Ticket, + authenticator[4] EncryptedData + } + + APOptions ::= BIT STRING { + reserved(0), + use-session-key(1), + mutual-required(2) + } + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_AP_REQ. + + ap-options This field appears in the application request (KRB_AP_REQ) + and affects the way the request is processed. It is a + bit-field, where the selected options are indicated by the + bit being set (1), and the unselected options and reserved + fields being reset (0). The encoding of the bits is + specified in section 5.2. The meanings of the options are: + + Bit(s) Name Description + + 0 RESERVED Reserved for future expansion of + this field. + + 1 USE-SESSION-KEYThe USE-SESSION-KEY option indicates + that the ticket the client is + presenting to a server is encrypted in + the session key from the server's + ticket-granting ticket. When this + option is not specified, the ticket is + encrypted in the server's secret key. + + 2 MUTUAL-REQUIREDThe MUTUAL-REQUIRED option tells the + server that the client requires mutual + authentication, and that it must + respond with a KRB_AP_REP message. + + 3-31 RESERVED Reserved for future use. + + ticket This field is a ticket authenticating the client to the + server. + + authenticator This contains the authenticator, which includes the + client's choice of a subkey. Its encoding is described in + section 5.3.2. + + + + +Kohl & Neuman [Page 59] + +RFC 1510 Kerberos September 1993 + + +5.5.2. KRB_AP_REP definition + + The KRB_AP_REP message contains the Kerberos protocol version number, + the message type, and an encrypted timestamp. The message is sent in + in response to an application request (KRB_AP_REQ) where the mutual + authentication option has been selected in the ap-options field. + + AP-REP ::= [APPLICATION 15] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + enc-part[2] EncryptedData + } + + EncAPRepPart ::= [APPLICATION 27] SEQUENCE { + ctime[0] KerberosTime, + cusec[1] INTEGER, + subkey[2] EncryptionKey OPTIONAL, + seq-number[3] INTEGER OPTIONAL + } + + NOTE: in EncAPRepPart, the application code in the encrypted part of + a message provides an additional check that the message was decrypted + properly. + + The encoded EncAPRepPart is encrypted in the shared session key of + the ticket. The optional subkey field can be used in an + application-arranged negotiation to choose a per association session + key. + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_AP_REP. + + enc-part This field is described above in section 5.4.2. + + ctime This field contains the current time on the client's host. + + cusec This field contains the microsecond part of the client's + timestamp. + + subkey This field contains an encryption key which is to be used + to protect this specific application session. See section + 3.2.6 for specifics on how this field is used to negotiate + a key. Unless an application specifies otherwise, if this + field is left out, the sub-session key from the + authenticator, or if also left out, the session key from + the ticket will be used. + + + + + +Kohl & Neuman [Page 60] + +RFC 1510 Kerberos September 1993 + + +5.5.3. Error message reply + + If an error occurs while processing the application request, the + KRB_ERROR message will be sent in response. See section 5.9.1 for + the format of the error message. The cname and crealm fields may be + left out if the server cannot determine their appropriate values from + the corresponding KRB_AP_REQ message. If the authenticator was + decipherable, the ctime and cusec fields will contain the values from + it. + +5.6. KRB_SAFE message specification + + This section specifies the format of a message that can be used by + either side (client or server) of an application to send a tamper- + proof message to its peer. It presumes that a session key has + previously been exchanged (for example, by using the + KRB_AP_REQ/KRB_AP_REP messages). + +5.6.1. KRB_SAFE definition + + The KRB_SAFE message contains user data along with a collision-proof + checksum keyed with the session key. The message fields are: + + KRB-SAFE ::= [APPLICATION 20] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + safe-body[2] KRB-SAFE-BODY, + cksum[3] Checksum + } + + KRB-SAFE-BODY ::= SEQUENCE { + user-data[0] OCTET STRING, + timestamp[1] KerberosTime OPTIONAL, + usec[2] INTEGER OPTIONAL, + seq-number[3] INTEGER OPTIONAL, + s-address[4] HostAddress, + r-address[5] HostAddress OPTIONAL + } + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_SAFE. + + safe-body This field is a placeholder for the body of the KRB-SAFE + message. It is to be encoded separately and then have the + checksum computed over it, for use in the cksum field. + + cksum This field contains the checksum of the application data. + Checksum details are described in section 6.4. The + + + +Kohl & Neuman [Page 61] + +RFC 1510 Kerberos September 1993 + + + checksum is computed over the encoding of the KRB-SAFE-BODY + sequence. + + user-data This field is part of the KRB_SAFE and KRB_PRIV messages + and contain the application specific data that is being + passed from the sender to the recipient. + + timestamp This field is part of the KRB_SAFE and KRB_PRIV messages. + Its contents are the current time as known by the sender of + the message. By checking the timestamp, the recipient of + the message is able to make sure that it was recently + generated, and is not a replay. + + usec This field is part of the KRB_SAFE and KRB_PRIV headers. + It contains the microsecond part of the timestamp. + + seq-number This field is described above in section 5.3.2. + + s-address This field specifies the address in use by the sender of + the message. + + r-address This field specifies the address in use by the recipient of + the message. It may be omitted for some uses (such as + broadcast protocols), but the recipient may arbitrarily + reject such messages. This field along with s-address can + be used to help detect messages which have been incorrectly + or maliciously delivered to the wrong recipient. + +5.7. KRB_PRIV message specification + + This section specifies the format of a message that can be used by + either side (client or server) of an application to securely and + privately send a message to its peer. It presumes that a session key + has previously been exchanged (for example, by using the + KRB_AP_REQ/KRB_AP_REP messages). + +5.7.1. KRB_PRIV definition + + The KRB_PRIV message contains user data encrypted in the Session Key. + The message fields are: + + KRB-PRIV ::= [APPLICATION 21] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + enc-part[3] EncryptedData + } + + + + + +Kohl & Neuman [Page 62] + +RFC 1510 Kerberos September 1993 + + + EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { + user-data[0] OCTET STRING, + timestamp[1] KerberosTime OPTIONAL, + usec[2] INTEGER OPTIONAL, + seq-number[3] INTEGER OPTIONAL, + s-address[4] HostAddress, -- sender's addr + r-address[5] HostAddress OPTIONAL + -- recip's addr + } + + NOTE: In EncKrbPrivPart, the application code in the encrypted part + of a message provides an additional check that the message was + decrypted properly. + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_PRIV. + + enc-part This field holds an encoding of the EncKrbPrivPart sequence + encrypted under the session key (If supported by the + encryption method in use, an initialization vector may be + passed to the encryption procedure, in order to achieve + proper cipher chaining. The initialization vector might + come from the last block of the ciphertext from the + previous KRB_PRIV message, but it is the application's + choice whether or not to use such an initialization vector. + If left out, the default initialization vector for the + encryption algorithm will be used.). This encrypted + encoding is used for the enc-part field of the KRB-PRIV + message. See section 6 for the format of the ciphertext. + + user-data, timestamp, usec, s-address and r-address These fields are + described above in section 5.6.1. + + seq-number This field is described above in section 5.3.2. + +5.8. KRB_CRED message specification + + This section specifies the format of a message that can be used to + send Kerberos credentials from one principal to another. It is + presented here to encourage a common mechanism to be used by + applications when forwarding tickets or providing proxies to + subordinate servers. It presumes that a session key has already been + exchanged perhaps by using the KRB_AP_REQ/KRB_AP_REP messages. + +5.8.1. KRB_CRED definition + + The KRB_CRED message contains a sequence of tickets to be sent and + information needed to use the tickets, including the session key from + + + +Kohl & Neuman [Page 63] + +RFC 1510 Kerberos September 1993 + + + each. The information needed to use the tickets is encryped under an + encryption key previously exchanged. The message fields are: + + KRB-CRED ::= [APPLICATION 22] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, -- KRB_CRED + tickets[2] SEQUENCE OF Ticket, + enc-part[3] EncryptedData + } + + EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { + ticket-info[0] SEQUENCE OF KrbCredInfo, + nonce[1] INTEGER OPTIONAL, + timestamp[2] KerberosTime OPTIONAL, + usec[3] INTEGER OPTIONAL, + s-address[4] HostAddress OPTIONAL, + r-address[5] HostAddress OPTIONAL + } + + KrbCredInfo ::= SEQUENCE { + key[0] EncryptionKey, + prealm[1] Realm OPTIONAL, + pname[2] PrincipalName OPTIONAL, + flags[3] TicketFlags OPTIONAL, + authtime[4] KerberosTime OPTIONAL, + starttime[5] KerberosTime OPTIONAL, + endtime[6] KerberosTime OPTIONAL + renew-till[7] KerberosTime OPTIONAL, + srealm[8] Realm OPTIONAL, + sname[9] PrincipalName OPTIONAL, + caddr[10] HostAddresses OPTIONAL + } + + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_CRED. + + tickets + These are the tickets obtained from the KDC specifically + for use by the intended recipient. Successive tickets are + paired with the corresponding KrbCredInfo sequence from the + enc-part of the KRB-CRED message. + + enc-part This field holds an encoding of the EncKrbCredPart sequence + encrypted under the session key shared between the sender + and the intended recipient. This encrypted encoding is + used for the enc-part field of the KRB-CRED message. See + section 6 for the format of the ciphertext. + + + +Kohl & Neuman [Page 64] + +RFC 1510 Kerberos September 1993 + + + nonce If practical, an application may require the inclusion of a + nonce generated by the recipient of the message. If the + same value is included as the nonce in the message, it + provides evidence that the message is fresh and has not + been replayed by an attacker. A nonce must never be re- + used; it should be generated randomly by the recipient of + the message and provided to the sender of the mes sage in + an application specific manner. + + timestamp and usec These fields specify the time that the KRB-CRED + message was generated. The time is used to provide + assurance that the message is fresh. + + s-address and r-address These fields are described above in section + 5.6.1. They are used optionally to provide additional + assurance of the integrity of the KRB-CRED message. + + key This field exists in the corresponding ticket passed by the + KRB-CRED message and is used to pass the session key from + the sender to the intended recipient. The field's encoding + is described in section 6.2. + + The following fields are optional. If present, they can be + associated with the credentials in the remote ticket file. If left + out, then it is assumed that the recipient of the credentials already + knows their value. + + prealm and pname The name and realm of the delegated principal + identity. + + flags, authtime, starttime, endtime, renew-till, srealm, sname, + and caddr These fields contain the values of the + corresponding fields from the ticket found in the ticket + field. Descriptions of the fields are identical to the + descriptions in the KDC-REP message. + +5.9. Error message specification + + This section specifies the format for the KRB_ERROR message. The + fields included in the message are intended to return as much + information as possible about an error. It is not expected that all + the information required by the fields will be available for all + types of errors. If the appropriate information is not available + when the message is composed, the corresponding field will be left + out of the message. + + Note that since the KRB_ERROR message is not protected by any + encryption, it is quite possible for an intruder to synthesize or + + + +Kohl & Neuman [Page 65] + +RFC 1510 Kerberos September 1993 + + + modify such a message. In particular, this means that the client + should not use any fields in this message for security-critical + purposes, such as setting a system clock or generating a fresh + authenticator. The message can be useful, however, for advising a + user on the reason for some failure. + +5.9.1. KRB_ERROR definition + + The KRB_ERROR message consists of the following fields: + + KRB-ERROR ::= [APPLICATION 30] SEQUENCE { + pvno[0] INTEGER, + msg-type[1] INTEGER, + ctime[2] KerberosTime OPTIONAL, + cusec[3] INTEGER OPTIONAL, + stime[4] KerberosTime, + susec[5] INTEGER, + error-code[6] INTEGER, + crealm[7] Realm OPTIONAL, + cname[8] PrincipalName OPTIONAL, + realm[9] Realm, -- Correct realm + sname[10] PrincipalName, -- Correct name + e-text[11] GeneralString OPTIONAL, + e-data[12] OCTET STRING OPTIONAL + } + + pvno and msg-type These fields are described above in section 5.4.1. + msg-type is KRB_ERROR. + + ctime This field is described above in section 5.4.1. + + cusec This field is described above in section 5.5.2. + + stime This field contains the current time on the server. It is + of type KerberosTime. + + susec This field contains the microsecond part of the server's + timestamp. Its value ranges from 0 to 999. It appears + along with stime. The two fields are used in conjunction to + specify a reasonably accurate timestamp. + + error-code This field contains the error code returned by Kerberos or + the server when a request fails. To interpret the value of + this field see the list of error codes in section 8. + Implementations are encouraged to provide for national + language support in the display of error messages. + + crealm, cname, srealm and sname These fields are described above in + + + +Kohl & Neuman [Page 66] + +RFC 1510 Kerberos September 1993 + + + section 5.3.1. + + e-text This field contains additional text to help explain the + error code associated with the failed request (for example, + it might include a principal name which was unknown). + + e-data This field contains additional data about the error for use + by the application to help it recover from or handle the + error. If the errorcode is KDC_ERR_PREAUTH_REQUIRED, then + the e-data field will contain an encoding of a sequence of + padata fields, each corresponding to an acceptable pre- + authentication method and optionally containing data for + the method: + + METHOD-DATA ::= SEQUENCE of PA-DATA + + If the error-code is KRB_AP_ERR_METHOD, then the e-data field will + contain an encoding of the following sequence: + + METHOD-DATA ::= SEQUENCE { + method-type[0] INTEGER, + method-data[1] OCTET STRING OPTIONAL + } + + method-type will indicate the required alternate method; method-data + will contain any required additional information. + +6. Encryption and Checksum Specifications + + The Kerberos protocols described in this document are designed to use + stream encryption ciphers, which can be simulated using commonly + available block encryption ciphers, such as the Data Encryption + Standard [11], in conjunction with block chaining and checksum + methods [12]. Encryption is used to prove the identities of the + network entities participating in message exchanges. The Key + Distribution Center for each realm is trusted by all principals + registered in that realm to store a secret key in confidence. Proof + of knowledge of this secret key is used to verify the authenticity of + a principal. + + The KDC uses the principal's secret key (in the AS exchange) or a + shared session key (in the TGS exchange) to encrypt responses to + ticket requests; the ability to obtain the secret key or session key + implies the knowledge of the appropriate keys and the identity of the + KDC. The ability of a principal to decrypt the KDC response and + present a Ticket and a properly formed Authenticator (generated with + the session key from the KDC response) to a service verifies the + identity of the principal; likewise the ability of the service to + + + +Kohl & Neuman [Page 67] + +RFC 1510 Kerberos September 1993 + + + extract the session key from the Ticket and prove its knowledge + thereof in a response verifies the identity of the service. + + The Kerberos protocols generally assume that the encryption used is + secure from cryptanalysis; however, in some cases, the order of + fields in the encrypted portions of messages are arranged to minimize + the effects of poorly chosen keys. It is still important to choose + good keys. If keys are derived from user-typed passwords, those + passwords need to be well chosen to make brute force attacks more + difficult. Poorly chosen keys still make easy targets for intruders. + + The following sections specify the encryption and checksum mechanisms + currently defined for Kerberos. The encodings, chaining, and padding + requirements for each are described. For encryption methods, it is + often desirable to place random information (often referred to as a + confounder) at the start of the message. The requirements for a + confounder are specified with each encryption mechanism. + + Some encryption systems use a block-chaining method to improve the + the security characteristics of the ciphertext. However, these + chaining methods often don't provide an integrity check upon + decryption. Such systems (such as DES in CBC mode) must be augmented + with a checksum of the plaintext which can be verified at decryption + and used to detect any tampering or damage. Such checksums should be + good at detecting burst errors in the input. If any damage is + detected, the decryption routine is expected to return an error + indicating the failure of an integrity check. Each encryption type is + expected to provide and verify an appropriate checksum. The + specification of each encryption method sets out its checksum + requirements. + + Finally, where a key is to be derived from a user's password, an + algorithm for converting the password to a key of the appropriate + type is included. It is desirable for the string to key function to + be one-way, and for the mapping to be different in different realms. + This is important because users who are registered in more than one + realm will often use the same password in each, and it is desirable + that an attacker compromising the Kerberos server in one realm not + obtain or derive the user's key in another. + + For a discussion of the integrity characteristics of the candidate + encryption and checksum methods considered for Kerberos, the the + reader is referred to [13]. + +6.1. Encryption Specifications + + The following ASN.1 definition describes all encrypted messages. The + enc-part field which appears in the unencrypted part of messages in + + + +Kohl & Neuman [Page 68] + +RFC 1510 Kerberos September 1993 + + + section 5 is a sequence consisting of an encryption type, an optional + key version number, and the ciphertext. + + EncryptedData ::= SEQUENCE { + etype[0] INTEGER, -- EncryptionType + kvno[1] INTEGER OPTIONAL, + cipher[2] OCTET STRING -- ciphertext + } + + etype This field identifies which encryption algorithm was used + to encipher the cipher. Detailed specifications for + selected encryption types appear later in this section. + + kvno This field contains the version number of the key under + which data is encrypted. It is only present in messages + encrypted under long lasting keys, such as principals' + secret keys. + + cipher This field contains the enciphered text, encoded as an + OCTET STRING. + + The cipher field is generated by applying the specified encryption + algorithm to data composed of the message and algorithm-specific + inputs. Encryption mechanisms defined for use with Kerberos must + take sufficient measures to guarantee the integrity of the plaintext, + and we recommend they also take measures to protect against + precomputed dictionary attacks. If the encryption algorithm is not + itself capable of doing so, the protections can often be enhanced by + adding a checksum and a confounder. + + The suggested format for the data to be encrypted includes a + confounder, a checksum, the encoded plaintext, and any necessary + padding. The msg-seq field contains the part of the protocol message + described in section 5 which is to be encrypted. The confounder, + checksum, and padding are all untagged and untyped, and their length + is exactly sufficient to hold the appropriate item. The type and + length is implicit and specified by the particular encryption type + being used (etype). The format for the data to be encrypted is + described in the following diagram: + + +-----------+----------+-------------+-----+ + |confounder | check | msg-seq | pad | + +-----------+----------+-------------+-----+ + + The format cannot be described in ASN.1, but for those who prefer an + ASN.1-like notation: + + + + + +Kohl & Neuman [Page 69] + +RFC 1510 Kerberos September 1993 + + +CipherText ::= ENCRYPTED SEQUENCE { + confounder[0] UNTAGGED OCTET STRING(conf_length) OPTIONAL, + check[1] UNTAGGED OCTET STRING(checksum_length) OPTIONAL, + msg-seq[2] MsgSequence, + pad UNTAGGED OCTET STRING(pad_length) OPTIONAL +} + + In the above specification, UNTAGGED OCTET STRING(length) is the + notation for an octet string with its tag and length removed. It is + not a valid ASN.1 type. The tag bits and length must be removed from + the confounder since the purpose of the confounder is so that the + message starts with random data, but the tag and its length are + fixed. For other fields, the length and tag would be redundant if + they were included because they are specified by the encryption type. + + One generates a random confounder of the appropriate length, placing + it in confounder; zeroes out check; calculates the appropriate + checksum over confounder, check, and msg-seq, placing the result in + check; adds the necessary padding; then encrypts using the specified + encryption type and the appropriate key. + + Unless otherwise specified, a definition of an encryption algorithm + that specifies a checksum, a length for the confounder field, or an + octet boundary for padding uses this ciphertext format (The ordering + of the fields in the CipherText is important. Additionally, messages + encoded in this format must include a length as part of the msg-seq + field. This allows the recipient to verify that the message has not + been truncated. Without a length, an attacker could use a chosen + plaintext attack to generate a message which could be truncated, + while leaving the checksum intact. Note that if the msg-seq is an + encoding of an ASN.1 SEQUENCE or OCTET STRING, then the length is + part of that encoding.). Those fields which are not specified will be + omitted. + + In the interest of allowing all implementations using a particular + encryption type to communicate with all others using that type, the + specification of an encryption type defines any checksum that is + needed as part of the encryption process. If an alternative checksum + is to be used, a new encryption type must be defined. + + Some cryptosystems require additional information beyond the key and + the data to be encrypted. For example, DES, when used in cipher- + block-chaining mode, requires an initialization vector. If required, + the description for each encryption type must specify the source of + such additional information. + + + + + + +Kohl & Neuman [Page 70] + +RFC 1510 Kerberos September 1993 + + +6.2. Encryption Keys + + The sequence below shows the encoding of an encryption key: + + EncryptionKey ::= SEQUENCE { + keytype[0] INTEGER, + keyvalue[1] OCTET STRING + } + + keytype This field specifies the type of encryption key that + follows in the keyvalue field. It will almost always + correspond to the encryption algorithm used to generate the + EncryptedData, though more than one algorithm may use the + same type of key (the mapping is many to one). This might + happen, for example, if the encryption algorithm uses an + alternate checksum algorithm for an integrity check, or a + different chaining mechanism. + + keyvalue This field contains the key itself, encoded as an octet + string. + + All negative values for the encryption key type are reserved for + local use. All non-negative values are reserved for officially + assigned type fields and interpretations. + +6.3. Encryption Systems + +6.3.1. The NULL Encryption System (null) + + If no encryption is in use, the encryption system is said to be the + NULL encryption system. In the NULL encryption system there is no + checksum, confounder or padding. The ciphertext is simply the + plaintext. The NULL Key is used by the null encryption system and is + zero octets in length, with keytype zero (0). + +6.3.2. DES in CBC mode with a CRC-32 checksum (des-cbc-crc) + + The des-cbc-crc encryption mode encrypts information under the Data + Encryption Standard [11] using the cipher block chaining mode [12]. + A CRC-32 checksum (described in ISO 3309 [14]) is applied to the + confounder and message sequence (msg-seq) and placed in the cksum + field. DES blocks are 8 bytes. As a result, the data to be + encrypted (the concatenation of confounder, checksum, and message) + must be padded to an 8 byte boundary before encryption. The details + of the encryption of this data are identical to those for the des- + cbc-md5 encryption mode. + + Note that, since the CRC-32 checksum is not collisionproof, an + + + +Kohl & Neuman [Page 71] + +RFC 1510 Kerberos September 1993 + + + attacker could use a probabilistic chosenplaintext attack to generate + a valid message even if a confounder is used [13]. The use of + collision-proof checksums is recommended for environments where such + attacks represent a significant threat. The use of the CRC-32 as the + checksum for ticket or authenticator is no longer mandated as an + interoperability requirement for Kerberos Version 5 Specification 1 + (See section 9.1 for specific details). + +6.3.3. DES in CBC mode with an MD4 checksum (des-cbc-md4) + + The des-cbc-md4 encryption mode encrypts information under the Data + Encryption Standard [11] using the cipher block chaining mode [12]. + An MD4 checksum (described in [15]) is applied to the confounder and + message sequence (msg-seq) and placed in the cksum field. DES blocks + are 8 bytes. As a result, the data to be encrypted (the + concatenation of confounder, checksum, and message) must be padded to + an 8 byte boundary before encryption. The details of the encryption + of this data are identical to those for the descbc-md5 encryption + mode. + +6.3.4. DES in CBC mode with an MD5 checksum (des-cbc-md5) + + The des-cbc-md5 encryption mode encrypts information under the Data + Encryption Standard [11] using the cipher block chaining mode [12]. + An MD5 checksum (described in [16]) is applied to the confounder and + message sequence (msg-seq) and placed in the cksum field. DES blocks + are 8 bytes. As a result, the data to be encrypted (the + concatenation of confounder, checksum, and message) must be padded to + an 8 byte boundary before encryption. + + Plaintext and DES ciphtertext are encoded as 8-octet blocks which are + concatenated to make the 64-bit inputs for the DES algorithms. The + first octet supplies the 8 most significant bits (with the octet's + MSbit used as the DES input block's MSbit, etc.), the second octet + the next 8 bits, ..., and the eighth octet supplies the 8 least + significant bits. + + Encryption under DES using cipher block chaining requires an + additional input in the form of an initialization vector. Unless + otherwise specified, zero should be used as the initialization + vector. Kerberos' use of DES requires an 8-octet confounder. + + The DES specifications identify some "weak" and "semiweak" keys; + those keys shall not be used for encrypting messages for use in + Kerberos. Additionally, because of the way that keys are derived for + the encryption of checksums, keys shall not be used that yield "weak" + or "semi-weak" keys when eXclusive-ORed with the constant + F0F0F0F0F0F0F0F0. + + + +Kohl & Neuman [Page 72] + +RFC 1510 Kerberos September 1993 + + + A DES key is 8 octets of data, with keytype one (1). This consists + of 56 bits of key, and 8 parity bits (one per octet). The key is + encoded as a series of 8 octets written in MSB-first order. The bits + within the key are also encoded in MSB order. For example, if the + encryption key is: + (B1,B2,...,B7,P1,B8,...,B14,P2,B15,...,B49,P7,B50,...,B56,P8) where + B1,B2,...,B56 are the key bits in MSB order, and P1,P2,...,P8 are the + parity bits, the first octet of the key would be B1,B2,...,B7,P1 + (with B1 as the MSbit). [See the FIPS 81 introduction for + reference.] + + To generate a DES key from a text string (password), the text string + normally must have the realm and each component of the principal's + name appended(In some cases, it may be necessary to use a different + "mix-in" string for compatibility reasons; see the discussion of + padata in section 5.4.2.), then padded with ASCII nulls to an 8 byte + boundary. This string is then fan-folded and eXclusive-ORed with + itself to form an 8 byte DES key. The parity is corrected on the + key, and it is used to generate a DES CBC checksum on the initial + string (with the realm and name appended). Next, parity is corrected + on the CBC checksum. If the result matches a "weak" or "semiweak" + key as described in the DES specification, it is eXclusive-ORed with + the constant 00000000000000F0. Finally, the result is returned as + the key. Pseudocode follows: + + string_to_key(string,realm,name) { + odd = 1; + s = string + realm; + for(each component in name) { + s = s + component; + } + tempkey = NULL; + pad(s); /* with nulls to 8 byte boundary */ + for(8byteblock in s) { + if(odd == 0) { + odd = 1; + reverse(8byteblock) + } + else odd = 0; + tempkey = tempkey XOR 8byteblock; + } + fixparity(tempkey); + key = DES-CBC-check(s,tempkey); + fixparity(key); + if(is_weak_key_key(key)) + key = key XOR 0xF0; + return(key); + } + + + +Kohl & Neuman [Page 73] + +RFC 1510 Kerberos September 1993 + + +6.4. Checksums + + The following is the ASN.1 definition used for a checksum: + + Checksum ::= SEQUENCE { + cksumtype[0] INTEGER, + checksum[1] OCTET STRING + } + + cksumtype This field indicates the algorithm used to generate the + accompanying checksum. + + checksum This field contains the checksum itself, encoded + as an octet string. + + Detailed specification of selected checksum types appear later in + this section. Negative values for the checksum type are reserved for + local use. All non-negative values are reserved for officially + assigned type fields and interpretations. + + Checksums used by Kerberos can be classified by two properties: + whether they are collision-proof, and whether they are keyed. It is + infeasible to find two plaintexts which generate the same checksum + value for a collision-proof checksum. A key is required to perturb + or initialize the algorithm in a keyed checksum. To prevent + message-stream modification by an active attacker, unkeyed checksums + should only be used when the checksum and message will be + subsequently encrypted (e.g., the checksums defined as part of the + encryption algorithms covered earlier in this section). Collision- + proof checksums can be made tamper-proof as well if the checksum + value is encrypted before inclusion in a message. In such cases, the + composition of the checksum and the encryption algorithm must be + considered a separate checksum algorithm (e.g., RSA-MD5 encrypted + using DES is a new checksum algorithm of type RSA-MD5-DES). For most + keyed checksums, as well as for the encrypted forms of collisionproof + checksums, Kerberos prepends a confounder before the checksum is + calculated. + +6.4.1. The CRC-32 Checksum (crc32) + + The CRC-32 checksum calculates a checksum based on a cyclic + redundancy check as described in ISO 3309 [14]. The resulting + checksum is four (4) octets in length. The CRC-32 is neither keyed + nor collision-proof. The use of this checksum is not recommended. + An attacker using a probabilistic chosen-plaintext attack as + described in [13] might be able to generate an alternative message + that satisfies the checksum. The use of collision-proof checksums is + recommended for environments where such attacks represent a + + + +Kohl & Neuman [Page 74] + +RFC 1510 Kerberos September 1993 + + + significant threat. + +6.4.2. The RSA MD4 Checksum (rsa-md4) + + The RSA-MD4 checksum calculates a checksum using the RSA MD4 + algorithm [15]. The algorithm takes as input an input message of + arbitrary length and produces as output a 128-bit (16 octet) + checksum. RSA-MD4 is believed to be collision-proof. + +6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4des) + + The RSA-MD4-DES checksum calculates a keyed collisionproof checksum + by prepending an 8 octet confounder before the text, applying the RSA + MD4 checksum algorithm, and encrypting the confounder and the + checksum using DES in cipher-block-chaining (CBC) mode using a + variant of the key, where the variant is computed by eXclusive-ORing + the key with the constant F0F0F0F0F0F0F0F0 (A variant of the key is + used to limit the use of a key to a particular function, separating + the functions of generating a checksum from other encryption + performed using the session key. The constant F0F0F0F0F0F0F0F0 was + chosen because it maintains key parity. The properties of DES + precluded the use of the complement. The same constant is used for + similar purpose in the Message Integrity Check in the Privacy + Enhanced Mail standard.). The initialization vector should be zero. + The resulting checksum is 24 octets long (8 octets of which are + redundant). This checksum is tamper-proof and believed to be + collision-proof. + + The DES specifications identify some "weak keys"; those keys shall + not be used for generating RSA-MD4 checksums for use in Kerberos. + + The format for the checksum is described in the following diagram: + + +--+--+--+--+--+--+--+-- + | des-cbc(confounder + +--+--+--+--+--+--+--+-- + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + rsa-md4(confounder+msg),key=var(key),iv=0) | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + The format cannot be described in ASN.1, but for those who prefer an + ASN.1-like notation: + + rsa-md4-des-checksum ::= ENCRYPTED UNTAGGED SEQUENCE { + confounder[0] UNTAGGED OCTET STRING(8), + check[1] UNTAGGED OCTET STRING(16) + } + + + +Kohl & Neuman [Page 75] + +RFC 1510 Kerberos September 1993 + + +6.4.4. The RSA MD5 Checksum (rsa-md5) + + The RSA-MD5 checksum calculates a checksum using the RSA MD5 + algorithm [16]. The algorithm takes as input an input message of + arbitrary length and produces as output a 128-bit (16 octet) + checksum. RSA-MD5 is believed to be collision-proof. + +6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5des) + + The RSA-MD5-DES checksum calculates a keyed collisionproof checksum + by prepending an 8 octet confounder before the text, applying the RSA + MD5 checksum algorithm, and encrypting the confounder and the + checksum using DES in cipher-block-chaining (CBC) mode using a + variant of the key, where the variant is computed by eXclusive-ORing + the key with the constant F0F0F0F0F0F0F0F0. The initialization + vector should be zero. The resulting checksum is 24 octets long (8 + octets of which are redundant). This checksum is tamper-proof and + believed to be collision-proof. + + The DES specifications identify some "weak keys"; those keys shall + not be used for encrypting RSA-MD5 checksums for use in Kerberos. + + The format for the checksum is described in the following diagram: + + +--+--+--+--+--+--+--+-- + | des-cbc(confounder + +--+--+--+--+--+--+--+-- + + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + rsa-md5(confounder+msg),key=var(key),iv=0) | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + + The format cannot be described in ASN.1, but for those who prefer an + ASN.1-like notation: + + rsa-md5-des-checksum ::= ENCRYPTED UNTAGGED SEQUENCE { + confounder[0] UNTAGGED OCTET STRING(8), + check[1] UNTAGGED OCTET STRING(16) + } + +6.4.6. DES cipher-block chained checksum (des-mac) + + The DES-MAC checksum is computed by prepending an 8 octet confounder + to the plaintext, performing a DES CBC-mode encryption on the result + using the key and an initialization vector of zero, taking the last + block of the ciphertext, prepending the same confounder and + encrypting the pair using DES in cipher-block-chaining (CBC) mode + using a a variant of the key, where the variant is computed by + + + +Kohl & Neuman [Page 76] + +RFC 1510 Kerberos September 1993 + + + eXclusive-ORing the key with the constant F0F0F0F0F0F0F0F0. The + initialization vector should be zero. The resulting checksum is 128 + bits (16 octets) long, 64 bits of which are redundant. This checksum + is tamper-proof and collision-proof. + + The format for the checksum is described in the following diagram: + + +--+--+--+--+--+--+--+-- + | des-cbc(confounder + +--+--+--+--+--+--+--+-- + + +-----+-----+-----+-----+-----+-----+-----+-----+ + des-mac(conf+msg,iv=0,key),key=var(key),iv=0) | + +-----+-----+-----+-----+-----+-----+-----+-----+ + + The format cannot be described in ASN.1, but for those who prefer an + ASN.1-like notation: + + des-mac-checksum ::= ENCRYPTED UNTAGGED SEQUENCE { + confounder[0] UNTAGGED OCTET STRING(8), + check[1] UNTAGGED OCTET STRING(8) + } + + The DES specifications identify some "weak" and "semiweak" keys; + those keys shall not be used for generating DES-MAC checksums for use + in Kerberos, nor shall a key be used whose veriant is "weak" or + "semi-weak". + +6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative + (rsa-md4-des-k) + + The RSA-MD4-DES-K checksum calculates a keyed collision-proof + checksum by applying the RSA MD4 checksum algorithm and encrypting + the results using DES in cipherblock-chaining (CBC) mode using a DES + key as both key and initialization vector. The resulting checksum is + 16 octets long. This checksum is tamper-proof and believed to be + collision-proof. Note that this checksum type is the old method for + encoding the RSA-MD4-DES checksum and it is no longer recommended. + +6.4.8. DES cipher-block chained checksum alternative (desmac-k) + + The DES-MAC-K checksum is computed by performing a DES CBC-mode + encryption of the plaintext, and using the last block of the + ciphertext as the checksum value. It is keyed with an encryption key + and an initialization vector; any uses which do not specify an + additional initialization vector will use the key as both key and + initialization vector. The resulting checksum is 64 bits (8 octets) + long. This checksum is tamper-proof and collision-proof. Note that + + + +Kohl & Neuman [Page 77] + +RFC 1510 Kerberos September 1993 + + + this checksum type is the old method for encoding the DESMAC checksum + and it is no longer recommended. + + The DES specifications identify some "weak keys"; those keys shall + not be used for generating DES-MAC checksums for use in Kerberos. + +7. Naming Constraints + +7.1. Realm Names + + Although realm names are encoded as GeneralStrings and although a + realm can technically select any name it chooses, interoperability + across realm boundaries requires agreement on how realm names are to + be assigned, and what information they imply. + + To enforce these conventions, each realm must conform to the + conventions itself, and it must require that any realms with which + inter-realm keys are shared also conform to the conventions and + require the same from its neighbors. + + There are presently four styles of realm names: domain, X500, other, + and reserved. Examples of each style follow: + + domain: host.subdomain.domain (example) + X500: C=US/O=OSF (example) + other: NAMETYPE:rest/of.name=without-restrictions (example) + reserved: reserved, but will not conflict with above + + Domain names must look like domain names: they consist of components + separated by periods (.) and they contain neither colons (:) nor + slashes (/). + + X.500 names contain an equal (=) and cannot contain a colon (:) + before the equal. The realm names for X.500 names will be string + representations of the names with components separated by slashes. + Leading and trailing slashes will not be included. + + Names that fall into the other category must begin with a prefix that + contains no equal (=) or period (.) and the prefix must be followed + by a colon (:) and the rest of the name. All prefixes must be + assigned before they may be used. Presently none are assigned. + + The reserved category includes strings which do not fall into the + first three categories. All names in this category are reserved. It + is unlikely that names will be assigned to this category unless there + is a very strong argument for not using the "other" category. + + These rules guarantee that there will be no conflicts between the + + + +Kohl & Neuman [Page 78] + +RFC 1510 Kerberos September 1993 + + + various name styles. The following additional constraints apply to + the assignment of realm names in the domain and X.500 categories: the + name of a realm for the domain or X.500 formats must either be used + by the organization owning (to whom it was assigned) an Internet + domain name or X.500 name, or in the case that no such names are + registered, authority to use a realm name may be derived from the + authority of the parent realm. For example, if there is no domain + name for E40.MIT.EDU, then the administrator of the MIT.EDU realm can + authorize the creation of a realm with that name. + + This is acceptable because the organization to which the parent is + assigned is presumably the organization authorized to assign names to + its children in the X.500 and domain name systems as well. If the + parent assigns a realm name without also registering it in the domain + name or X.500 hierarchy, it is the parent's responsibility to make + sure that there will not in the future exists a name identical to the + realm name of the child unless it is assigned to the same entity as + the realm name. + +7.2. Principal Names + + As was the case for realm names, conventions are needed to ensure + that all agree on what information is implied by a principal name. + The name-type field that is part of the principal name indicates the + kind of information implied by the name. The name-type should be + treated as a hint. Ignoring the name type, no two names can be the + same (i.e., at least one of the components, or the realm, must be + different). This constraint may be eliminated in the future. The + following name types are defined: + + name-type value meaning + NT-UNKNOWN 0 Name type not known + NT-PRINCIPAL 1 Just the name of the principal as in + DCE, or for users + NT-SRV-INST 2 Service and other unique instance (krbtgt) + NT-SRV-HST 3 Service with host name as instance + (telnet, rcommands) + NT-SRV-XHST 4 Service with host as remaining components + NT-UID 5 Unique ID + + When a name implies no information other than its uniqueness at a + particular time the name type PRINCIPAL should be used. The + principal name type should be used for users, and it might also be + used for a unique server. If the name is a unique machine generated + ID that is guaranteed never to be reassigned then the name type of + UID should be used (note that it is generally a bad idea to reassign + names of any type since stale entries might remain in access control + lists). + + + +Kohl & Neuman [Page 79] + +RFC 1510 Kerberos September 1993 + + + If the first component of a name identifies a service and the + remaining components identify an instance of the service in a server + specified manner, then the name type of SRV-INST should be used. An + example of this name type is the Kerberos ticket-granting ticket + which has a first component of krbtgt and a second component + identifying the realm for which the ticket is valid. + + If instance is a single component following the service name and the + instance identifies the host on which the server is running, then the + name type SRV-HST should be used. This type is typically used for + Internet services such as telnet and the Berkeley R commands. If the + separate components of the host name appear as successive components + following the name of the service, then the name type SRVXHST should + be used. This type might be used to identify servers on hosts with + X.500 names where the slash (/) might otherwise be ambiguous. + + A name type of UNKNOWN should be used when the form of the name is + not known. When comparing names, a name of type UNKNOWN will match + principals authenticated with names of any type. A principal + authenticated with a name of type UNKNOWN, however, will only match + other names of type UNKNOWN. + + Names of any type with an initial component of "krbtgt" are reserved + for the Kerberos ticket granting service. See section 8.2.3 for the + form of such names. + +7.2.1. Name of server principals + + The principal identifier for a server on a host will generally be + composed of two parts: (1) the realm of the KDC with which the server + is registered, and (2) a two-component name of type NT-SRV-HST if the + host name is an Internet domain name or a multi-component name of + type NT-SRV-XHST if the name of the host is of a form such as X.500 + that allows slash (/) separators. The first component of the two- or + multi-component name will identify the service and the latter + components will identify the host. Where the name of the host is not + case sensitive (for example, with Internet domain names) the name of + the host must be lower case. For services such as telnet and the + Berkeley R commands which run with system privileges, the first + component will be the string "host" instead of a service specific + identifier. + +8. Constants and other defined values + +8.1. Host address types + + All negative values for the host address type are reserved for local + use. All non-negative values are reserved for officially assigned + + + +Kohl & Neuman [Page 80] + +RFC 1510 Kerberos September 1993 + + + type fields and interpretations. + + The values of the types for the following addresses are chosen to + match the defined address family constants in the Berkeley Standard + Distributions of Unix. They can be found in with + symbolic names AF_xxx (where xxx is an abbreviation of the address + family name). + + + Internet addresses + + Internet addresses are 32-bit (4-octet) quantities, encoded in MSB + order. The type of internet addresses is two (2). + + CHAOSnet addresses + + CHAOSnet addresses are 16-bit (2-octet) quantities, encoded in MSB + order. The type of CHAOSnet addresses is five (5). + + ISO addresses + + ISO addresses are variable-length. The type of ISO addresses is + seven (7). + + Xerox Network Services (XNS) addresses + + XNS addresses are 48-bit (6-octet) quantities, encoded in MSB + order. The type of XNS addresses is six (6). + + AppleTalk Datagram Delivery Protocol (DDP) addresses + + AppleTalk DDP addresses consist of an 8-bit node number and a 16- + bit network number. The first octet of the address is the node + number; the remaining two octets encode the network number in MSB + order. The type of AppleTalk DDP addresses is sixteen (16). + + DECnet Phase IV addresses + + DECnet Phase IV addresses are 16-bit addresses, encoded in LSB + order. The type of DECnet Phase IV addresses is twelve (12). + +8.2. KDC messages + +8.2.1. IP transport + + When contacting a Kerberos server (KDC) for a KRB_KDC_REQ request + using IP transport, the client shall send a UDP datagram containing + only an encoding of the request to port 88 (decimal) at the KDC's IP + + + +Kohl & Neuman [Page 81] + +RFC 1510 Kerberos September 1993 + + + address; the KDC will respond with a reply datagram containing only + an encoding of the reply message (either a KRB_ERROR or a + KRB_KDC_REP) to the sending port at the sender's IP address. + +8.2.2. OSI transport + + During authentication of an OSI client to and OSI server, the mutual + authentication of an OSI server to an OSI client, the transfer of + credentials from an OSI client to an OSI server, or during exchange + of private or integrity checked messages, Kerberos protocol messages + may be treated as opaque objects and the type of the authentication + mechanism will be: + + OBJECT IDENTIFIER ::= {iso (1), org(3), dod(5),internet(1), + security(5), kerberosv5(2)} + + Depending on the situation, the opaque object will be an + authentication header (KRB_AP_REQ), an authentication reply + (KRB_AP_REP), a safe message (KRB_SAFE), a private message + (KRB_PRIV), or a credentials message (KRB_CRED). The opaque data + contains an application code as specified in the ASN.1 description + for each message. The application code may be used by Kerberos to + determine the message type. + +8.2.3. Name of the TGS + + The principal identifier of the ticket-granting service shall be + composed of three parts: (1) the realm of the KDC issuing the TGS + ticket (2) a two-part name of type NT-SRVINST, with the first part + "krbtgt" and the second part the name of the realm which will accept + the ticket-granting ticket. For example, a ticket-granting ticket + issued by the ATHENA.MIT.EDU realm to be used to get tickets from the + ATHENA.MIT.EDU KDC has a principal identifier of "ATHENA.MIT.EDU" + (realm), ("krbtgt", "ATHENA.MIT.EDU") (name). A ticket-granting + ticket issued by the ATHENA.MIT.EDU realm to be used to get tickets + from the MIT.EDU realm has a principal identifier of "ATHENA.MIT.EDU" + (realm), ("krbtgt", "MIT.EDU") (name). + +8.3. Protocol constants and associated values + + The following tables list constants used in the protocol and defines + their meanings. + + + + + + + + + +Kohl & Neuman [Page 82] + +RFC 1510 Kerberos September 1993 + + +---------------+-----------+----------+----------------+--------------- +Encryption type|etype value|block size|minimum pad size|confounder size +---------------+-----------+----------+----------------+--------------- +NULL 0 1 0 0 +des-cbc-crc 1 8 4 8 +des-cbc-md4 2 8 0 8 +des-cbc-md5 3 8 0 8 + +-------------------------------+-------------------+------------- +Checksum type |sumtype value |checksum size +-------------------------------+-------------------+------------- +CRC32 1 4 +rsa-md4 2 16 +rsa-md4-des 3 24 +des-mac 4 16 +des-mac-k 5 8 +rsa-md4-des-k 6 16 +rsa-md5 7 16 +rsa-md5-des 8 24 + +-------------------------------+----------------- +padata type |padata-type value +-------------------------------+----------------- +PA-TGS-REQ 1 +PA-ENC-TIMESTAMP 2 +PA-PW-SALT 3 + +-------------------------------+------------- +authorization data type |ad-type value +-------------------------------+------------- +reserved values 0-63 +OSF-DCE 64 +SESAME 65 + +-------------------------------+----------------- +alternate authentication type |method-type value +-------------------------------+----------------- +reserved values 0-63 +ATT-CHALLENGE-RESPONSE 64 + +-------------------------------+------------- +transited encoding type |tr-type value +-------------------------------+------------- +DOMAIN-X500-COMPRESS 1 +reserved values all others + + + + + + +Kohl & Neuman [Page 83] + +RFC 1510 Kerberos September 1993 + + +--------------+-------+----------------------------------------- +Label |Value |Meaning or MIT code +--------------+-------+----------------------------------------- + +pvno 5 current Kerberos protocol version number + +message types + +KRB_AS_REQ 10 Request for initial authentication +KRB_AS_REP 11 Response to KRB_AS_REQ request +KRB_TGS_REQ 12 Request for authentication based on TGT +KRB_TGS_REP 13 Response to KRB_TGS_REQ request +KRB_AP_REQ 14 application request to server +KRB_AP_REP 15 Response to KRB_AP_REQ_MUTUAL +KRB_SAFE 20 Safe (checksummed) application message +KRB_PRIV 21 Private (encrypted) application message +KRB_CRED 22 Private (encrypted) message to forward + credentials +KRB_ERROR 30 Error response + +name types + +KRB_NT_UNKNOWN 0 Name type not known +KRB_NT_PRINCIPAL 1 Just the name of the principal as in DCE, or + for users +KRB_NT_SRV_INST 2 Service and other unique instance (krbtgt) +KRB_NT_SRV_HST 3 Service with host name as instance (telnet, + rcommands) +KRB_NT_SRV_XHST 4 Service with host as remaining components +KRB_NT_UID 5 Unique ID + +error codes + +KDC_ERR_NONE 0 No error +KDC_ERR_NAME_EXP 1 Client's entry in database has + expired +KDC_ERR_SERVICE_EXP 2 Server's entry in database has + expired +KDC_ERR_BAD_PVNO 3 Requested protocol version number + not supported +KDC_ERR_C_OLD_MAST_KVNO 4 Client's key encrypted in old + master key +KDC_ERR_S_OLD_MAST_KVNO 5 Server's key encrypted in old + master key +KDC_ERR_C_PRINCIPAL_UNKNOWN 6 Client not found in Kerberos database +KDC_ERR_S_PRINCIPAL_UNKNOWN 7 Server not found in Kerberos database +KDC_ERR_PRINCIPAL_NOT_UNIQUE 8 Multiple principal entries in + database + + + +Kohl & Neuman [Page 84] + +RFC 1510 Kerberos September 1993 + + +KDC_ERR_NULL_KEY 9 The client or server has a null key +KDC_ERR_CANNOT_POSTDATE 10 Ticket not eligible for postdating +KDC_ERR_NEVER_VALID 11 Requested start time is later than + end time +KDC_ERR_POLICY 12 KDC policy rejects request +KDC_ERR_BADOPTION 13 KDC cannot accommodate requested + option +KDC_ERR_ETYPE_NOSUPP 14 KDC has no support for encryption + type +KDC_ERR_SUMTYPE_NOSUPP 15 KDC has no support for checksum type +KDC_ERR_PADATA_TYPE_NOSUPP 16 KDC has no support for padata type +KDC_ERR_TRTYPE_NOSUPP 17 KDC has no support for transited type +KDC_ERR_CLIENT_REVOKED 18 Clients credentials have been revoked +KDC_ERR_SERVICE_REVOKED 19 Credentials for server have been + revoked +KDC_ERR_TGT_REVOKED 20 TGT has been revoked +KDC_ERR_CLIENT_NOTYET 21 Client not yet valid - try again + later +KDC_ERR_SERVICE_NOTYET 22 Server not yet valid - try again + later +KDC_ERR_KEY_EXPIRED 23 Password has expired - change + password to reset +KDC_ERR_PREAUTH_FAILED 24 Pre-authentication information + was invalid +KDC_ERR_PREAUTH_REQUIRED 25 Additional pre-authentication + required* +KRB_AP_ERR_BAD_INTEGRITY 31 Integrity check on decrypted field + failed +KRB_AP_ERR_TKT_EXPIRED 32 Ticket expired +KRB_AP_ERR_TKT_NYV 33 Ticket not yet valid +KRB_AP_ERR_REPEAT 34 Request is a replay +KRB_AP_ERR_NOT_US 35 The ticket isn't for us +KRB_AP_ERR_BADMATCH 36 Ticket and authenticator don't match +KRB_AP_ERR_SKEW 37 Clock skew too great +KRB_AP_ERR_BADADDR 38 Incorrect net address +KRB_AP_ERR_BADVERSION 39 Protocol version mismatch +KRB_AP_ERR_MSG_TYPE 40 Invalid msg type +KRB_AP_ERR_MODIFIED 41 Message stream modified +KRB_AP_ERR_BADORDER 42 Message out of order +KRB_AP_ERR_BADKEYVER 44 Specified version of key is not + available +KRB_AP_ERR_NOKEY 45 Service key not available +KRB_AP_ERR_MUT_FAIL 46 Mutual authentication failed +KRB_AP_ERR_BADDIRECTION 47 Incorrect message direction +KRB_AP_ERR_METHOD 48 Alternative authentication method + required* +KRB_AP_ERR_BADSEQ 49 Incorrect sequence number in message +KRB_AP_ERR_INAPP_CKSUM 50 Inappropriate type of checksum in + + + +Kohl & Neuman [Page 85] + +RFC 1510 Kerberos September 1993 + + + message +KRB_ERR_GENERIC 60 Generic error (description in e-text) +KRB_ERR_FIELD_TOOLONG 61 Field is too long for this + implementation + + *This error carries additional information in the e-data field. The + contents of the e-data field for this message is described in section + 5.9.1. + +9. Interoperability requirements + + Version 5 of the Kerberos protocol supports a myriad of options. + Among these are multiple encryption and checksum types, alternative + encoding schemes for the transited field, optional mechanisms for + pre-authentication, the handling of tickets with no addresses, + options for mutual authentication, user to user authentication, + support for proxies, forwarding, postdating, and renewing tickets, + the format of realm names, and the handling of authorization data. + + In order to ensure the interoperability of realms, it is necessary to + define a minimal configuration which must be supported by all + implementations. This minimal configuration is subject to change as + technology does. For example, if at some later date it is discovered + that one of the required encryption or checksum algorithms is not + secure, it will be replaced. + +9.1. Specification 1 + + This section defines the first specification of these options. + Implementations which are configured in this way can be said to + support Kerberos Version 5 Specification 1 (5.1). + + Encryption and checksum methods + + The following encryption and checksum mechanisms must be supported. + Implementations may support other mechanisms as well, but the + additional mechanisms may only be used when communicating with + principals known to also support them: Encryption: DES-CBC-MD5 + Checksums: CRC-32, DES-MAC, DES-MAC-K, and DES-MD5 + + Realm Names + + All implementations must understand hierarchical realms in both the + Internet Domain and the X.500 style. When a ticket granting ticket + for an unknown realm is requested, the KDC must be able to determine + the names of the intermediate realms between the KDCs realm and the + requested realm. + + + + +Kohl & Neuman [Page 86] + +RFC 1510 Kerberos September 1993 + + + Transited field encoding + + DOMAIN-X500-COMPRESS (described in section 3.3.3.1) must be + supported. Alternative encodings may be supported, but they may be + used only when that encoding is supported by ALL intermediate realms. + + Pre-authentication methods + + The TGS-REQ method must be supported. The TGS-REQ method is not used + on the initial request. The PA-ENC-TIMESTAMP method must be supported + by clients but whether it is enabled by default may be determined on + a realm by realm basis. If not used in the initial request and the + error KDC_ERR_PREAUTH_REQUIRED is returned specifying PA-ENCTIMESTAMP + as an acceptable method, the client should retry the initial request + using the PA-ENC-TIMESTAMP preauthentication method. Servers need not + support the PAENC-TIMESTAMP method, but if not supported the server + should ignore the presence of PA-ENC-TIMESTAMP pre-authentication in + a request. + + Mutual authentication + + Mutual authentication (via the KRB_AP_REP message) must be supported. + + Ticket addresses and flags + + All KDC's must pass on tickets that carry no addresses (i.e., if a + TGT contains no addresses, the KDC will return derivative tickets), + but each realm may set its own policy for issuing such tickets, and + each application server will set its own policy with respect to + accepting them. By default, servers should not accept them. + + Proxies and forwarded tickets must be supported. Individual realms + and application servers can set their own policy on when such tickets + will be accepted. + + All implementations must recognize renewable and postdated tickets, + but need not actually implement them. If these options are not + supported, the starttime and endtime in the ticket shall specify a + ticket's entire useful life. When a postdated ticket is decoded by a + server, all implementations shall make the presence of the postdated + flag visible to the calling server. + + User-to-user authentication + + Support for user to user authentication (via the ENC-TKTIN-SKEY KDC + option) must be provided by implementations, but individual realms + may decide as a matter of policy to reject such requests on a per- + principal or realm-wide basis. + + + +Kohl & Neuman [Page 87] + +RFC 1510 Kerberos September 1993 + + + Authorization data + + Implementations must pass all authorization data subfields from + ticket-granting tickets to any derivative tickets unless directed to + suppress a subfield as part of the definition of that registered + subfield type (it is never incorrect to pass on a subfield, and no + registered subfield types presently specify suppression at the KDC). + + Implementations must make the contents of any authorization data + subfields available to the server when a ticket is used. + Implementations are not required to allow clients to specify the + contents of the authorization data fields. + +9.2. Recommended KDC values + + Following is a list of recommended values for a KDC implementation, + based on the list of suggested configuration constants (see section + 4.4). + + minimum lifetime 5 minutes + + maximum renewable lifetime 1 week + + maximum ticket lifetime 1 day + + empty addresses only when suitable restrictions appear + in authorization data + + proxiable, etc. Allowed. + +10. Acknowledgments + + Early versions of this document, describing version 4 of the + protocol, were written by Jennifer Steiner (formerly at Project + Athena); these drafts provided an excellent starting point for this + current version 5 specification. Many people in the Internet + community have contributed ideas and suggested protocol changes for + version 5. Notable contributions came from Ted Anderson, Steve + Bellovin and Michael Merritt [17], Daniel Bernstein, Mike Burrows, + Donald Davis, Ravi Ganesan, Morrie Gasser, Virgil Gligor, Bill + Griffeth, Mark Lillibridge, Mark Lomas, Steve Lunt, Piers McMahon, + Joe Pato, William Sommerfeld, Stuart Stubblebine, Ralph Swick, Ted + T'so, and Stanley Zanarotti. Many others commented and helped shape + this specification into its current form. + + + + + + + +Kohl & Neuman [Page 88] + +RFC 1510 Kerberos September 1993 + + +11. References + + [1] Miller, S., Neuman, C., Schiller, J., and J. Saltzer, "Section + E.2.1: Kerberos Authentication and Authorization System", + M.I.T. Project Athena, Cambridge, Massachusetts, December 21, + 1987. + + [2] Steiner, J., Neuman, C., and J. Schiller, "Kerberos: An + Authentication Service for Open Network Systems", pp. 191-202 in + Usenix Conference Proceedings, Dallas, Texas, February, 1988. + + [3] Needham, R., and M. Schroeder, "Using Encryption for + Authentication in Large Networks of Computers", Communications + of the ACM, Vol. 21 (12), pp. 993-999, December 1978. + + [4] Denning, D., and G. Sacco, "Time stamps in Key Distribution + Protocols", Communications of the ACM, Vol. 24 (8), pp. 533-536, + August 1981. + + [5] Kohl, J., Neuman, C., and T. Ts'o, "The Evolution of the + Kerberos Authentication Service", in an IEEE Computer Society + Text soon to be published, June 1992. + + [6] Davis, D., and R. Swick, "Workstation Services and Kerberos + Authentication at Project Athena", Technical Memorandum TM-424, + MIT Laboratory for Computer Science, February 1990. + + [7] Levine, P., Gretzinger, M, Diaz, J., Sommerfeld, W., and K. + Raeburn, "Section E.1: Service Management System, M.I.T. + Project Athena, Cambridge, Mas sachusetts (1987). + + [8] CCITT, Recommendation X.509: The Directory Authentication + Framework, December 1988. + + [9] Neuman, C., "Proxy-Based Authorization and Accounting for + Distributed Systems," in Proceedings of the 13th International + Conference on Distributed Computing Systems", Pittsburgh, PA, + May 1993. + + [10] Pato, J., "Using Pre-Authentication to Avoid Password Guessing + Attacks", Open Software Foundation DCE Request for Comments 26, + December 1992. + + [11] National Bureau of Standards, U.S. Department of Commerce, "Data + Encryption Standard", Federal Information Processing Standards + Publication 46, Washington, DC (1977). + + + + + +Kohl & Neuman [Page 89] + +RFC 1510 Kerberos September 1993 + + + [12] National Bureau of Standards, U.S. Department of Commerce, "DES + Modes of Operation", Federal Information Processing Standards + Publication 81, Springfield, VA, December 1980. + + [13] Stubblebine S., and V. Gligor, "On Message Integrity in + Cryptographic Protocols", in Proceedings of the IEEE Symposium + on Research in Security and Privacy, Oakland, California, May + 1992. + + [14] International Organization for Standardization, "ISO Information + Processing Systems - Data Communication High-Level Data Link + Control Procedure - Frame Structure", IS 3309, October 1984, 3rd + Edition. + + [15] Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT + Laboratory for Computer Science, April 1992. + + [16] Rivest, R., "The MD5 Message Digest Algorithm", RFC 1321, MIT + Laboratory for Computer Science, April 1992. + + [17] Bellovin S., and M. Merritt, "Limitations of the Kerberos + Authentication System", Computer Communications Review, Vol. + 20(5), pp. 119-132, October 1990. + +12. Security Considerations + + Security issues are discussed throughout this memo. + +13. Authors' Addresses + + John Kohl + Digital Equipment Corporation + 110 Spit Brook Road, M/S ZKO3-3/U14 + Nashua, NH 03062 + + Phone: 603-881-2481 + EMail: jtkohl@zk3.dec.com + + + B. Clifford Neuman + USC/Information Sciences Institute + 4676 Admiralty Way #1001 + Marina del Rey, CA 90292-6695 + + Phone: 310-822-1511 + EMail: bcn@isi.edu + + + + + +Kohl & Neuman [Page 90] + +RFC 1510 Kerberos September 1993 + + +A. Pseudo-code for protocol processing + + This appendix provides pseudo-code describing how the messages are to + be constructed and interpreted by clients and servers. + +A.1. KRB_AS_REQ generation + request.pvno := protocol version; /* pvno = 5 */ + request.msg-type := message type; /* type = KRB_AS_REQ */ + + if(pa_enc_timestamp_required) then + request.padata.padata-type = PA-ENC-TIMESTAMP; + get system_time; + padata-body.patimestamp,pausec = system_time; + encrypt padata-body into request.padata.padata-value + using client.key; /* derived from password */ + endif + + body.kdc-options := users's preferences; + body.cname := user's name; + body.realm := user's realm; + body.sname := service's name; /* usually "krbtgt", + "localrealm" */ + if (body.kdc-options.POSTDATED is set) then + body.from := requested starting time; + else + omit body.from; + endif + body.till := requested end time; + if (body.kdc-options.RENEWABLE is set) then + body.rtime := requested final renewal time; + endif + body.nonce := random_nonce(); + body.etype := requested etypes; + if (user supplied addresses) then + body.addresses := user's addresses; + else + omit body.addresses; + endif + omit body.enc-authorization-data; + request.req-body := body; + + kerberos := lookup(name of local kerberos server (or servers)); + send(packet,kerberos); + + wait(for response); + if (timed_out) then + retry or use alternate server; + endif + + + +Kohl & Neuman [Page 91] + +RFC 1510 Kerberos September 1993 + + +A.2. KRB_AS_REQ verification and KRB_AS_REP generation + decode message into req; + + client := lookup(req.cname,req.realm); + server := lookup(req.sname,req.realm); + get system_time; + kdc_time := system_time.seconds; + + if (!client) then + /* no client in Database */ + error_out(KDC_ERR_C_PRINCIPAL_UNKNOWN); + endif + if (!server) then + /* no server in Database */ + error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN); + endif + + if(client.pa_enc_timestamp_required and + pa_enc_timestamp not present) then + error_out(KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)); + endif + + if(pa_enc_timestamp present) then + decrypt req.padata-value into decrypted_enc_timestamp + using client.key; + using auth_hdr.authenticator.subkey; + if (decrypt_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + if(decrypted_enc_timestamp is not within allowable + skew) then error_out(KDC_ERR_PREAUTH_FAILED); + endif + if(decrypted_enc_timestamp and usec is replay) + error_out(KDC_ERR_PREAUTH_FAILED); + endif + add decrypted_enc_timestamp and usec to replay cache; + endif + + use_etype := first supported etype in req.etypes; + + if (no support for req.etypes) then + error_out(KDC_ERR_ETYPE_NOSUPP); + endif + + new_tkt.vno := ticket version; /* = 5 */ + new_tkt.sname := req.sname; + new_tkt.srealm := req.srealm; + reset all flags in new_tkt.flags; + + + + +Kohl & Neuman [Page 92] + +RFC 1510 Kerberos September 1993 + + + /* It should be noted that local policy may affect the */ + /* processing of any of these flags. For example, some */ + /* realms may refuse to issue renewable tickets */ + + if (req.kdc-options.FORWARDABLE is set) then + set new_tkt.flags.FORWARDABLE; + endif + if (req.kdc-options.PROXIABLE is set) then + set new_tkt.flags.PROXIABLE; + endif + if (req.kdc-options.ALLOW-POSTDATE is set) then + set new_tkt.flags.ALLOW-POSTDATE; + endif + if ((req.kdc-options.RENEW is set) or + (req.kdc-options.VALIDATE is set) or + (req.kdc-options.PROXY is set) or + (req.kdc-options.FORWARDED is set) or + (req.kdc-options.ENC-TKT-IN-SKEY is set)) then + error_out(KDC_ERR_BADOPTION); + endif + + new_tkt.session := random_session_key(); + new_tkt.cname := req.cname; + new_tkt.crealm := req.crealm; + new_tkt.transited := empty_transited_field(); + + new_tkt.authtime := kdc_time; + + if (req.kdc-options.POSTDATED is set) then + if (against_postdate_policy(req.from)) then + error_out(KDC_ERR_POLICY); + endif + set new_tkt.flags.INVALID; + new_tkt.starttime := req.from; + else + omit new_tkt.starttime; /* treated as authtime when + omitted */ + endif + if (req.till = 0) then + till := infinity; + else + till := req.till; + endif + + new_tkt.endtime := min(till, + new_tkt.starttime+client.max_life, + new_tkt.starttime+server.max_life, + new_tkt.starttime+max_life_for_realm); + + + +Kohl & Neuman [Page 93] + +RFC 1510 Kerberos September 1993 + + + if ((req.kdc-options.RENEWABLE-OK is set) and + (new_tkt.endtime < req.till)) then + /* we set the RENEWABLE option for later processing */ + set req.kdc-options.RENEWABLE; + req.rtime := req.till; + endif + + if (req.rtime = 0) then + rtime := infinity; + else + rtime := req.rtime; + endif + + if (req.kdc-options.RENEWABLE is set) then + set new_tkt.flags.RENEWABLE; + new_tkt.renew-till := min(rtime, + new_tkt.starttime+client.max_rlife, + new_tkt.starttime+server.max_rlife, + new_tkt.starttime+max_rlife_for_realm); + else + omit new_tkt.renew-till; /* only present if RENEWABLE */ + endif + + if (req.addresses) then + new_tkt.caddr := req.addresses; + else + omit new_tkt.caddr; + endif + + new_tkt.authorization_data := empty_authorization_data(); + + encode to-be-encrypted part of ticket into OCTET STRING; + new_tkt.enc-part := encrypt OCTET STRING + using etype_for_key(server.key), server.key, server.p_kvno; + + + /* Start processing the response */ + + resp.pvno := 5; + resp.msg-type := KRB_AS_REP; + resp.cname := req.cname; + resp.crealm := req.realm; + resp.ticket := new_tkt; + + resp.key := new_tkt.session; + resp.last-req := fetch_last_request_info(client); + resp.nonce := req.nonce; + resp.key-expiration := client.expiration; + + + +Kohl & Neuman [Page 94] + +RFC 1510 Kerberos September 1993 + + + resp.flags := new_tkt.flags; + + resp.authtime := new_tkt.authtime; + resp.starttime := new_tkt.starttime; + resp.endtime := new_tkt.endtime; + + if (new_tkt.flags.RENEWABLE) then + resp.renew-till := new_tkt.renew-till; + endif + + resp.realm := new_tkt.realm; + resp.sname := new_tkt.sname; + + resp.caddr := new_tkt.caddr; + + encode body of reply into OCTET STRING; + + resp.enc-part := encrypt OCTET STRING + using use_etype, client.key, client.p_kvno; + send(resp); + +A.3. KRB_AS_REP verification + decode response into resp; + + if (resp.msg-type = KRB_ERROR) then + if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) + then set pa_enc_timestamp_required; + goto KRB_AS_REQ; + endif + process_error(resp); + return; + endif + + /* On error, discard the response, and zero the session key */ + /* from the response immediately */ + + key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype, + resp.padata); + unencrypted part of resp := decode of decrypt of resp.enc-part + using resp.enc-part.etype and key; + zero(key); + + if (common_as_rep_tgs_rep_checks fail) then + destroy resp.key; + return error; + endif + + if near(resp.princ_exp) then + + + +Kohl & Neuman [Page 95] + +RFC 1510 Kerberos September 1993 + + + print(warning message); + endif + save_for_later(ticket,session,client,server,times,flags); + +A.4. KRB_AS_REP and KRB_TGS_REP common checks + if (decryption_error() or + (req.cname != resp.cname) or + (req.realm != resp.crealm) or + (req.sname != resp.sname) or + (req.realm != resp.realm) or + (req.nonce != resp.nonce) or + (req.addresses != resp.caddr)) then + destroy resp.key; + return KRB_AP_ERR_MODIFIED; + endif + + /* make sure no flags are set that shouldn't be, and that */ + /* all that should be are set */ + if (!check_flags_for_compatability(req.kdc-options,resp.flags)) + then destroy resp.key; + return KRB_AP_ERR_MODIFIED; + endif + + if ((req.from = 0) and + (resp.starttime is not within allowable skew)) then + destroy resp.key; + return KRB_AP_ERR_SKEW; + endif + if ((req.from != 0) and (req.from != resp.starttime)) then + destroy resp.key; + return KRB_AP_ERR_MODIFIED; + endif + if ((req.till != 0) and (resp.endtime > req.till)) then + destroy resp.key; + return KRB_AP_ERR_MODIFIED; + endif + + if ((req.kdc-options.RENEWABLE is set) and + (req.rtime != 0) and (resp.renew-till > req.rtime)) then + destroy resp.key; + return KRB_AP_ERR_MODIFIED; + endif + if ((req.kdc-options.RENEWABLE-OK is set) and + (resp.flags.RENEWABLE) and + (req.till != 0) and + (resp.renew-till > req.till)) then + destroy resp.key; + return KRB_AP_ERR_MODIFIED; + + + +Kohl & Neuman [Page 96] + +RFC 1510 Kerberos September 1993 + + + endif + +A.5. KRB_TGS_REQ generation + /* Note that make_application_request might have to */ + /* recursivly call this routine to get the appropriate */ + /* ticket-granting ticket */ + + request.pvno := protocol version; /* pvno = 5 */ + request.msg-type := message type; /* type = KRB_TGS_REQ */ + + body.kdc-options := users's preferences; + /* If the TGT is not for the realm of the end-server */ + /* then the sname will be for a TGT for the end-realm */ + /* and the realm of the requested ticket (body.realm) */ + /* will be that of the TGS to which the TGT we are */ + /* sending applies */ + body.sname := service's name; + body.realm := service's realm; + + if (body.kdc-options.POSTDATED is set) then + body.from := requested starting time; + else + omit body.from; + endif + body.till := requested end time; + if (body.kdc-options.RENEWABLE is set) then + body.rtime := requested final renewal time; + endif + body.nonce := random_nonce(); + body.etype := requested etypes; + if (user supplied addresses) then + body.addresses := user's addresses; + else + omit body.addresses; + endif + + body.enc-authorization-data := user-supplied data; + if (body.kdc-options.ENC-TKT-IN-SKEY) then + body.additional-tickets_ticket := second TGT; + endif + + request.req-body := body; + check := generate_checksum (req.body,checksumtype); + + request.padata[0].padata-type := PA-TGS-REQ; + request.padata[0].padata-value := create a KRB_AP_REQ using + the TGT and checksum + + + + +Kohl & Neuman [Page 97] + +RFC 1510 Kerberos September 1993 + + + /* add in any other padata as required/supplied */ + + kerberos := lookup(name of local kerberose server (or servers)); + send(packet,kerberos); + + wait(for response); + if (timed_out) then + retry or use alternate server; + endif + +A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation + /* note that reading the application request requires first + determining the server for which a ticket was issued, and + choosing the correct key for decryption. The name of the + server appears in the plaintext part of the ticket. */ + + if (no KRB_AP_REQ in req.padata) then + error_out(KDC_ERR_PADATA_TYPE_NOSUPP); + endif + verify KRB_AP_REQ in req.padata; + + /* Note that the realm in which the Kerberos server is + operating is determined by the instance from the + ticket-granting ticket. The realm in the ticket-granting + ticket is the realm under which the ticket granting ticket was + issued. It is possible for a single Kerberos server to + support more than one realm. */ + + auth_hdr := KRB_AP_REQ; + tgt := auth_hdr.ticket; + + if (tgt.sname is not a TGT for local realm and is not + req.sname) then error_out(KRB_AP_ERR_NOT_US); + + realm := realm_tgt_is_for(tgt); + + decode remainder of request; + + if (auth_hdr.authenticator.cksum is missing) then + error_out(KRB_AP_ERR_INAPP_CKSUM); + endif + if (auth_hdr.authenticator.cksum type is not supported) then + error_out(KDC_ERR_SUMTYPE_NOSUPP); + endif + if (auth_hdr.authenticator.cksum is not both collision-proof + and keyed) then + error_out(KRB_AP_ERR_INAPP_CKSUM); + endif + + + +Kohl & Neuman [Page 98] + +RFC 1510 Kerberos September 1993 + + + set computed_checksum := checksum(req); + if (computed_checksum != auth_hdr.authenticatory.cksum) then + error_out(KRB_AP_ERR_MODIFIED); + endif + + server := lookup(req.sname,realm); + + if (!server) then + if (is_foreign_tgt_name(server)) then + server := best_intermediate_tgs(server); + else + /* no server in Database */ + error_out(KDC_ERR_S_PRINCIPAL_UNKNOWN); + endif + endif + + session := generate_random_session_key(); + + + use_etype := first supported etype in req.etypes; + + if (no support for req.etypes) then + error_out(KDC_ERR_ETYPE_NOSUPP); + endif + + new_tkt.vno := ticket version; /* = 5 */ + new_tkt.sname := req.sname; + new_tkt.srealm := realm; + reset all flags in new_tkt.flags; + + /* It should be noted that local policy may affect the */ + /* processing of any of these flags. For example, some */ + /* realms may refuse to issue renewable tickets */ + + new_tkt.caddr := tgt.caddr; + resp.caddr := NULL; /* We only include this if they change */ + if (req.kdc-options.FORWARDABLE is set) then + if (tgt.flags.FORWARDABLE is reset) then + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.FORWARDABLE; + endif + if (req.kdc-options.FORWARDED is set) then + if (tgt.flags.FORWARDABLE is reset) then + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.FORWARDED; + new_tkt.caddr := req.addresses; + + + +Kohl & Neuman [Page 99] + +RFC 1510 Kerberos September 1993 + + + resp.caddr := req.addresses; + endif + if (tgt.flags.FORWARDED is set) then + set new_tkt.flags.FORWARDED; + endif + + if (req.kdc-options.PROXIABLE is set) then + if (tgt.flags.PROXIABLE is reset) + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.PROXIABLE; + endif + if (req.kdc-options.PROXY is set) then + if (tgt.flags.PROXIABLE is reset) then + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.PROXY; + new_tkt.caddr := req.addresses; + resp.caddr := req.addresses; + endif + + if (req.kdc-options.POSTDATE is set) then + if (tgt.flags.POSTDATE is reset) + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.POSTDATE; + endif + if (req.kdc-options.POSTDATED is set) then + if (tgt.flags.POSTDATE is reset) then + error_out(KDC_ERR_BADOPTION); + endif + set new_tkt.flags.POSTDATED; + set new_tkt.flags.INVALID; + if (against_postdate_policy(req.from)) then + error_out(KDC_ERR_POLICY); + endif + new_tkt.starttime := req.from; + endif + + + if (req.kdc-options.VALIDATE is set) then + if (tgt.flags.INVALID is reset) then + error_out(KDC_ERR_POLICY); + endif + if (tgt.starttime > kdc_time) then + error_out(KRB_AP_ERR_NYV); + endif + if (check_hot_list(tgt)) then + + + +Kohl & Neuman [Page 100] + +RFC 1510 Kerberos September 1993 + + + error_out(KRB_AP_ERR_REPEAT); + endif + tkt := tgt; + reset new_tkt.flags.INVALID; + endif + + if (req.kdc-options.(any flag except ENC-TKT-IN-SKEY, RENEW, + and those already processed) is set) then + error_out(KDC_ERR_BADOPTION); + endif + + new_tkt.authtime := tgt.authtime; + + if (req.kdc-options.RENEW is set) then + /* Note that if the endtime has already passed, the ticket */ + /* would have been rejected in the initial authentication */ + /* stage, so there is no need to check again here */ + if (tgt.flags.RENEWABLE is reset) then + error_out(KDC_ERR_BADOPTION); + endif + if (tgt.renew-till >= kdc_time) then + error_out(KRB_AP_ERR_TKT_EXPIRED); + endif + tkt := tgt; + new_tkt.starttime := kdc_time; + old_life := tgt.endttime - tgt.starttime; + new_tkt.endtime := min(tgt.renew-till, + new_tkt.starttime + old_life); + else + new_tkt.starttime := kdc_time; + if (req.till = 0) then + till := infinity; + else + till := req.till; + endif + new_tkt.endtime := min(till, + new_tkt.starttime+client.max_life, + new_tkt.starttime+server.max_life, + new_tkt.starttime+max_life_for_realm, + tgt.endtime); + + if ((req.kdc-options.RENEWABLE-OK is set) and + (new_tkt.endtime < req.till) and + (tgt.flags.RENEWABLE is set) then + /* we set the RENEWABLE option for later */ + /* processing */ + set req.kdc-options.RENEWABLE; + req.rtime := min(req.till, tgt.renew-till); + + + +Kohl & Neuman [Page 101] + +RFC 1510 Kerberos September 1993 + + + endif + endif + + if (req.rtime = 0) then + rtime := infinity; + else + rtime := req.rtime; + endif + + if ((req.kdc-options.RENEWABLE is set) and + (tgt.flags.RENEWABLE is set)) then + set new_tkt.flags.RENEWABLE; + new_tkt.renew-till := min(rtime, + new_tkt.starttime+client.max_rlife, + new_tkt.starttime+server.max_rlife, + new_tkt.starttime+max_rlife_for_realm, + tgt.renew-till); + else + new_tkt.renew-till := OMIT; + /* leave the renew-till field out */ + endif + if (req.enc-authorization-data is present) then + decrypt req.enc-authorization-data + into decrypted_authorization_data + using auth_hdr.authenticator.subkey; + if (decrypt_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + endif + new_tkt.authorization_data := + req.auth_hdr.ticket.authorization_data + + decrypted_authorization_data; + + new_tkt.key := session; + new_tkt.crealm := tgt.crealm; + new_tkt.cname := req.auth_hdr.ticket.cname; + + if (realm_tgt_is_for(tgt) := tgt.realm) then + /* tgt issued by local realm */ + new_tkt.transited := tgt.transited; + else + /* was issued for this realm by some other realm */ + if (tgt.transited.tr-type not supported) then + error_out(KDC_ERR_TRTYPE_NOSUPP); + endif + new_tkt.transited + := compress_transited(tgt.transited + tgt.realm) + endif + + + +Kohl & Neuman [Page 102] + +RFC 1510 Kerberos September 1993 + + + encode encrypted part of new_tkt into OCTET STRING; + if (req.kdc-options.ENC-TKT-IN-SKEY is set) then + if (server not specified) then + server = req.second_ticket.client; + endif + if ((req.second_ticket is not a TGT) or + (req.second_ticket.client != server)) then + error_out(KDC_ERR_POLICY); + endif + + new_tkt.enc-part := encrypt OCTET STRING using + using etype_for_key(second-ticket.key), + second-ticket.key; + else + new_tkt.enc-part := encrypt OCTET STRING + using etype_for_key(server.key), server.key, + server.p_kvno; + endif + + resp.pvno := 5; + resp.msg-type := KRB_TGS_REP; + resp.crealm := tgt.crealm; + resp.cname := tgt.cname; + resp.ticket := new_tkt; + + resp.key := session; + resp.nonce := req.nonce; + resp.last-req := fetch_last_request_info(client); + resp.flags := new_tkt.flags; + + resp.authtime := new_tkt.authtime; + resp.starttime := new_tkt.starttime; + resp.endtime := new_tkt.endtime; + + omit resp.key-expiration; + + resp.sname := new_tkt.sname; + resp.realm := new_tkt.realm; + + if (new_tkt.flags.RENEWABLE) then + resp.renew-till := new_tkt.renew-till; + endif + + + encode body of reply into OCTET STRING; + + if (req.padata.authenticator.subkey) + resp.enc-part := encrypt OCTET STRING using use_etype, + + + +Kohl & Neuman [Page 103] + +RFC 1510 Kerberos September 1993 + + + req.padata.authenticator.subkey; + else resp.enc-part := encrypt OCTET STRING + using use_etype, tgt.key; + + send(resp); + +A.7. KRB_TGS_REP verification + decode response into resp; + + if (resp.msg-type = KRB_ERROR) then + process_error(resp); + return; + endif + + /* On error, discard the response, and zero the session key from + the response immediately */ + + if (req.padata.authenticator.subkey) + unencrypted part of resp := + decode of decrypt of resp.enc-part + using resp.enc-part.etype and subkey; + else unencrypted part of resp := + decode of decrypt of resp.enc-part + using resp.enc-part.etype and tgt's session key; + if (common_as_rep_tgs_rep_checks fail) then + destroy resp.key; + return error; + endif + + check authorization_data as necessary; + save_for_later(ticket,session,client,server,times,flags); + +A.8. Authenticator generation + body.authenticator-vno := authenticator vno; /* = 5 */ + body.cname, body.crealm := client name; + if (supplying checksum) then + body.cksum := checksum; + endif + get system_time; + body.ctime, body.cusec := system_time; + if (selecting sub-session key) then + select sub-session key; + body.subkey := sub-session key; + endif + if (using sequence numbers) then + select initial sequence number; + body.seq-number := initial sequence; + endif + + + +Kohl & Neuman [Page 104] + +RFC 1510 Kerberos September 1993 + + +A.9. KRB_AP_REQ generation + obtain ticket and session_key from cache; + + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_AP_REQ */ + + if (desired(MUTUAL_AUTHENTICATION)) then + set packet.ap-options.MUTUAL-REQUIRED; + else + reset packet.ap-options.MUTUAL-REQUIRED; + endif + if (using session key for ticket) then + set packet.ap-options.USE-SESSION-KEY; + else + reset packet.ap-options.USE-SESSION-KEY; + endif + packet.ticket := ticket; /* ticket */ + generate authenticator; + encode authenticator into OCTET STRING; + encrypt OCTET STRING into packet.authenticator + using session_key; + +A.10. KRB_AP_REQ verification + receive packet; + if (packet.pvno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.msg-type != KRB_AP_REQ) then + error_out(KRB_AP_ERR_MSG_TYPE); + endif + if (packet.ticket.tkt_vno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.ap_options.USE-SESSION-KEY is set) then + retrieve session key from ticket-granting ticket for + packet.ticket.{sname,srealm,enc-part.etype}; + else + retrieve service key for + packet.ticket.{sname,srealm,enc-part.etype,enc-part.skvno}; + endif + if (no_key_available) then + if (cannot_find_specified_skvno) then + error_out(KRB_AP_ERR_BADKEYVER); + else + error_out(KRB_AP_ERR_NOKEY); + endif + + + +Kohl & Neuman [Page 105] + +RFC 1510 Kerberos September 1993 + + + endif + decrypt packet.ticket.enc-part into decr_ticket + using retrieved key; + if (decryption_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + decrypt packet.authenticator into decr_authenticator + using decr_ticket.key; + if (decryption_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + if (decr_authenticator.{cname,crealm} != + decr_ticket.{cname,crealm}) then + error_out(KRB_AP_ERR_BADMATCH); + endif + if (decr_ticket.caddr is present) then + if (sender_address(packet) is not in decr_ticket.caddr) + then error_out(KRB_AP_ERR_BADADDR); + endif + elseif (application requires addresses) then + error_out(KRB_AP_ERR_BADADDR); + endif + if (not in_clock_skew(decr_authenticator.ctime, + decr_authenticator.cusec)) then + error_out(KRB_AP_ERR_SKEW); + endif + if (repeated(decr_authenticator.{ctime,cusec,cname,crealm})) + then error_out(KRB_AP_ERR_REPEAT); + endif + save_identifier(decr_authenticator.{ctime,cusec,cname,crealm}); + get system_time; + if ((decr_ticket.starttime-system_time > CLOCK_SKEW) or + (decr_ticket.flags.INVALID is set)) then + /* it hasn't yet become valid */ + error_out(KRB_AP_ERR_TKT_NYV); + endif + if (system_time-decr_ticket.endtime > CLOCK_SKEW) then + error_out(KRB_AP_ERR_TKT_EXPIRED); + endif + /* caller must check decr_ticket.flags for any pertinent */ + /* details */ + return(OK, decr_ticket, packet.ap_options.MUTUAL-REQUIRED); + +A.11. KRB_AP_REP generation + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_AP_REP */ + body.ctime := packet.ctime; + body.cusec := packet.cusec; + + + +Kohl & Neuman [Page 106] + +RFC 1510 Kerberos September 1993 + + + if (selecting sub-session key) then + select sub-session key; + body.subkey := sub-session key; + endif + if (using sequence numbers) then + select initial sequence number; + body.seq-number := initial sequence; + endif + + encode body into OCTET STRING; + + select encryption type; + encrypt OCTET STRING into packet.enc-part; + +A.12. KRB_AP_REP verification + receive packet; + if (packet.pvno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.msg-type != KRB_AP_REP) then + error_out(KRB_AP_ERR_MSG_TYPE); + endif + cleartext := decrypt(packet.enc-part) + using ticket's session key; + if (decryption_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + if (cleartext.ctime != authenticator.ctime) then + error_out(KRB_AP_ERR_MUT_FAIL); + endif + if (cleartext.cusec != authenticator.cusec) then + error_out(KRB_AP_ERR_MUT_FAIL); + endif + if (cleartext.subkey is present) then + save cleartext.subkey for future use; + endif + if (cleartext.seq-number is present) then + save cleartext.seq-number for future verifications; + endif + return(AUTHENTICATION_SUCCEEDED); + +A.13. KRB_SAFE generation + collect user data in buffer; + + /* assemble packet: */ + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_SAFE */ + + + +Kohl & Neuman [Page 107] + +RFC 1510 Kerberos September 1993 + + + body.user-data := buffer; /* DATA */ + if (using timestamp) then + get system_time; + body.timestamp, body.usec := system_time; + endif + if (using sequence numbers) then + body.seq-number := sequence number; + endif + body.s-address := sender host addresses; + if (only one recipient) then + body.r-address := recipient host address; + endif + checksum.cksumtype := checksum type; + compute checksum over body; + checksum.checksum := checksum value; /* checksum.checksum */ + packet.cksum := checksum; + packet.safe-body := body; + +A.14. KRB_SAFE verification + receive packet; + if (packet.pvno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.msg-type != KRB_SAFE) then + error_out(KRB_AP_ERR_MSG_TYPE); + endif + if (packet.checksum.cksumtype is not both collision-proof + and keyed) then + error_out(KRB_AP_ERR_INAPP_CKSUM); + endif + if (safe_priv_common_checks_ok(packet)) then + set computed_checksum := checksum(packet.body); + if (computed_checksum != packet.checksum) then + error_out(KRB_AP_ERR_MODIFIED); + endif + return (packet, PACKET_IS_GENUINE); + else + return common_checks_error; + endif + +A.15. KRB_SAFE and KRB_PRIV common checks + if (packet.s-address != O/S_sender(packet)) then + /* O/S report of sender not who claims to have sent it */ + error_out(KRB_AP_ERR_BADADDR); + endif + if ((packet.r-address is present) and + (packet.r-address != local_host_address)) then + + + +Kohl & Neuman [Page 108] + +RFC 1510 Kerberos September 1993 + + + /* was not sent to proper place */ + error_out(KRB_AP_ERR_BADADDR); + endif + if (((packet.timestamp is present) and + (not in_clock_skew(packet.timestamp,packet.usec))) or + (packet.timestamp is not present and timestamp expected)) + then error_out(KRB_AP_ERR_SKEW); + endif + if (repeated(packet.timestamp,packet.usec,packet.s-address)) + then error_out(KRB_AP_ERR_REPEAT); + endif + if (((packet.seq-number is present) and + ((not in_sequence(packet.seq-number)))) or + (packet.seq-number is not present and sequence expected)) + then error_out(KRB_AP_ERR_BADORDER); + endif + if (packet.timestamp not present and + packet.seq-number not present) then + error_out(KRB_AP_ERR_MODIFIED); + endif + + save_identifier(packet.{timestamp,usec,s-address}, + sender_principal(packet)); + + return PACKET_IS_OK; + +A.16. KRB_PRIV generation + collect user data in buffer; + + /* assemble packet: */ + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_PRIV */ + + packet.enc-part.etype := encryption type; + + body.user-data := buffer; + if (using timestamp) then + get system_time; + body.timestamp, body.usec := system_time; + endif + if (using sequence numbers) then + body.seq-number := sequence number; + endif + body.s-address := sender host addresses; + if (only one recipient) then + body.r-address := recipient host address; + endif + + + + +Kohl & Neuman [Page 109] + +RFC 1510 Kerberos September 1993 + + + encode body into OCTET STRING; + + select encryption type; + encrypt OCTET STRING into packet.enc-part.cipher; + +A.17. KRB_PRIV verification + receive packet; + if (packet.pvno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.msg-type != KRB_PRIV) then + error_out(KRB_AP_ERR_MSG_TYPE); + endif + + cleartext := decrypt(packet.enc-part) using negotiated key; + if (decryption_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + + if (safe_priv_common_checks_ok(cleartext)) then + return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED); + else + return common_checks_error; + endif + +A.18. KRB_CRED generation + invoke KRB_TGS; /* obtain tickets to be provided to peer */ + + /* assemble packet: */ + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_CRED */ + + for (tickets[n] in tickets to be forwarded) do + packet.tickets[n] = tickets[n].ticket; + done + + packet.enc-part.etype := encryption type; + + for (ticket[n] in tickets to be forwarded) do + body.ticket-info[n].key = tickets[n].session; + body.ticket-info[n].prealm = tickets[n].crealm; + body.ticket-info[n].pname = tickets[n].cname; + body.ticket-info[n].flags = tickets[n].flags; + body.ticket-info[n].authtime = tickets[n].authtime; + body.ticket-info[n].starttime = tickets[n].starttime; + body.ticket-info[n].endtime = tickets[n].endtime; + body.ticket-info[n].renew-till = tickets[n].renew-till; + + + +Kohl & Neuman [Page 110] + +RFC 1510 Kerberos September 1993 + + + body.ticket-info[n].srealm = tickets[n].srealm; + body.ticket-info[n].sname = tickets[n].sname; + body.ticket-info[n].caddr = tickets[n].caddr; + done + + get system_time; + body.timestamp, body.usec := system_time; + + if (using nonce) then + body.nonce := nonce; + endif + + if (using s-address) then + body.s-address := sender host addresses; + endif + if (limited recipients) then + body.r-address := recipient host address; + endif + + encode body into OCTET STRING; + + select encryption type; + encrypt OCTET STRING into packet.enc-part.cipher + using negotiated encryption key; + +A.19. KRB_CRED verification + receive packet; + if (packet.pvno != 5) then + either process using other protocol spec + or error_out(KRB_AP_ERR_BADVERSION); + endif + if (packet.msg-type != KRB_CRED) then + error_out(KRB_AP_ERR_MSG_TYPE); + endif + + cleartext := decrypt(packet.enc-part) using negotiated key; + if (decryption_error()) then + error_out(KRB_AP_ERR_BAD_INTEGRITY); + endif + if ((packet.r-address is present or required) and + (packet.s-address != O/S_sender(packet)) then + /* O/S report of sender not who claims to have sent it */ + error_out(KRB_AP_ERR_BADADDR); + endif + if ((packet.r-address is present) and + (packet.r-address != local_host_address)) then + /* was not sent to proper place */ + error_out(KRB_AP_ERR_BADADDR); + + + +Kohl & Neuman [Page 111] + +RFC 1510 Kerberos September 1993 + + + endif + if (not in_clock_skew(packet.timestamp,packet.usec)) then + error_out(KRB_AP_ERR_SKEW); + endif + if (repeated(packet.timestamp,packet.usec,packet.s-address)) + then error_out(KRB_AP_ERR_REPEAT); + endif + if (packet.nonce is required or present) and + (packet.nonce != expected-nonce) then + error_out(KRB_AP_ERR_MODIFIED); + endif + + for (ticket[n] in tickets that were forwarded) do + save_for_later(ticket[n],key[n],principal[n], + server[n],times[n],flags[n]); + return + +A.20. KRB_ERROR generation + + /* assemble packet: */ + packet.pvno := protocol version; /* 5 */ + packet.msg-type := message type; /* KRB_ERROR */ + + get system_time; + packet.stime, packet.susec := system_time; + packet.realm, packet.sname := server name; + + if (client time available) then + packet.ctime, packet.cusec := client_time; + endif + packet.error-code := error code; + if (client name available) then + packet.cname, packet.crealm := client name; + endif + if (error text available) then + packet.e-text := error text; + endif + if (error data available) then + packet.e-data := error data; + endif + + + + + + + + + + + +Kohl & Neuman [Page 112] + \ No newline at end of file diff --git a/doc/old-V4-docs/README b/doc/old-V4-docs/README new file mode 100644 index 000000000..8858655cb --- /dev/null +++ b/doc/old-V4-docs/README @@ -0,0 +1,4 @@ +These documentation files are old --- and refer to the Kerberos V4 +implementation. They are included because the equivalent V5 documentation +set have not been written yet, and the concepts contained in these documents +may be helpful. diff --git a/doc/old-V4-docs/installation.PS b/doc/old-V4-docs/installation.PS new file mode 100644 index 000000000..7609d4e64 --- /dev/null +++ b/doc/old-V4-docs/installation.PS @@ -0,0 +1,2338 @@ +%!PS-Adobe-2.0 +%%Title: installation.mss +%%DocumentFonts: (atend) +%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) +%%CreationDate: 4 January 1990 11:56 +%%Pages: (atend) +%%EndComments +% PostScript Prelude for Scribe. +/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def +/ES {showpage SV restore} bind def +/SC {setrgbcolor} bind def +/FMTX matrix def +/RDF {WFT SLT 0.0 eq + {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} + {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} + ifelse makefont setfont} bind def +/SLT 0.0 def +/SI { /SLT exch cvr def RDF} bind def +/WFT /Courier findfont def +/SF { /WFT exch findfont def RDF} bind def +/SSZ 1000.0 def +/SS { /SSZ exch 100.0 mul def RDF} bind def +/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def +/MT /moveto load def +/XM {currentpoint exch pop moveto} bind def +/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto + setlinewidth 0.0 rlineto stroke grestore} bind def +/LH {gsave newpath moveto setlinewidth + 0.0 rlineto + gsave stroke grestore} bind def +/LV {gsave newpath moveto setlinewidth + 0.0 exch rlineto + gsave stroke grestore} bind def +/BX {gsave newpath moveto setlinewidth + exch + dup 0.0 rlineto + exch 0.0 exch neg rlineto + neg 0.0 rlineto + closepath + gsave stroke grestore} bind def +/BX1 {grestore} bind def +/BX2 {setlinewidth 1 setgray stroke grestore} bind def +/PB {/PV save def newpath translate + 100.0 -100.0 scale pop /showpage {} def} bind def +/PE {PV restore} bind def +/GB {/PV save def newpath translate rotate + div dup scale 100.0 -100.0 scale /showpage {} def} bind def +/GE {PV restore} bind def +/FB {dict dup /FontMapDict exch def begin} bind def +/FM {cvn exch cvn exch def} bind def +/FE {end /original-findfont /findfont load def /findfont + {dup FontMapDict exch known{FontMapDict exch get} if + original-findfont} def} bind def +/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def +/EC /grestore load def +/SH /show load def +/MX {exch show 0.0 rmoveto} bind def +/W {0 32 4 -1 roll widthshow} bind def +/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def +/RC {100.0 -100.0 scale +612.0 0.0 translate +-90.0 rotate +.01 -.01 scale} bind def +/URC {100.0 -100.0 scale +90.0 rotate +-612.0 0.0 translate +.01 -.01 scale} bind def +/RCC {100.0 -100.0 scale +0.0 -792.0 translate 90.0 rotate +.01 -.01 scale} bind def +/URCC {100.0 -100.0 scale +-90.0 rotate 0.0 792.0 translate +.01 -.01 scale} bind def +%%EndProlog +%%Page: 0 1 +BS +0 SI +20 /Times-Bold AF +18823 13788 MT +(Kerberos Installation Notes)SH +27156 15798 MT +(DRAFT)SH +16 /Times-Roman AF +27021 23502 MT +(Bill Bryant)SH +25557 25150 MT +(Jennifer Steiner)SH +27289 26798 MT +(John Kohl)SH +23957 30444 MT +(Project Athena, MIT)SH +/Times-Bold SF +19489 36042 MT +(Initial Release, January 24, 1989)SH +/Times-Italic SF +17558 37690 MT +(\050plus later patches through patchlevel 7\051)SH +11 /Times-Roman AF +7200 45644 MT +(The release consists of three parts.)SH +7200 47942 MT +(The first part consists of the core Kerberos system, which was developed at MIT and does not require)SH +7200 49138 MT +(additional licenses for us to distribute. Included in this part are the Kerberos authentication server, the)SH +7200 50334 MT +(Kerberos library, the)SH +/Times-Italic SF +16606 XM +(ndbm)SH +/Times-Roman SF +19325 XM +(database interface library, user programs, administration programs, manual)SH +7200 51530 MT +(pages, some applications which use Kerberos for authentication, and some utilities.)SH +7200 53828 MT +(The second part is the Data Encryption Standard \050DES\051 library, which we are distributing only within the)SH +7200 55024 MT +(United States.)SH +7200 57322 MT +(The third part contains Kerberos modifications to Sun's NFS, which we distribute as ``context diffs'' to)SH +7200 58518 MT +(the Sun NFS source code. Its distribution is controlled to provide an accounting of who has retrieved the)SH +7200 59714 MT +(patches, so that Project Athena can comply with its agreements with Sun regarding distribution of these)SH +7200 60910 MT +(changes.)SH +ES +%%Page: 1 2 +BS +0 SI +16 /Times-Bold AF +7200 8272 MT +(1. Organization) +400 W( of the Source Directory)SH +11 /Times-Roman AF +7200 10467 MT +(The Kerberos building and installation process, as described in this document, builds the binaries and)SH +7200 11663 MT +(executables from the files contained in the Kerberos source tree, and deposits them in a separate object)SH +7200 12859 MT +(tree. This) +275 W( is intended to easily support several different build trees from a single source tree \050this is useful)SH +7200 14055 MT +(if you support several machine architectures\051. We suggest that you copy the Kerberos sources into a)SH +/Times-Italic SF +7200 15251 MT +(/mit/kerberos/src)SH +/Times-Roman SF +14991 XM +(directory, and create as well a)SH +/Times-Italic SF +28396 XM +(/mit/kerberos/obj)SH +/Times-Roman SF +36249 XM +(directory in which to hold the)SH +7200 16447 MT +(executables. In) +275 W( the rest of this document, we'll refer to the Kerberos source and object directories as)SH +7200 17643 MT +([SOURCE_DIR] and [OBJ_DIR], respectively.)SH +7200 19941 MT +(Below is a brief overview of the organization of the complete source directory. More detailed)SH +7200 21137 MT +(descriptions follow.)SH +/Times-Bold SF +7200 23088 MT +(admin)SH +/Times-Roman SF +18200 XM +(utilities for the Kerberos administrator)SH +/Times-Bold SF +7200 24783 MT +(appl)SH +/Times-Roman SF +18200 XM +(applications that use Kerberos)SH +/Times-Bold SF +7200 26478 MT +(appl/bsd)SH +/Times-Roman SF +18200 XM +(Berkeley's rsh/rlogin suite, using Kerberos)SH +/Times-Bold SF +7200 28173 MT +(appl/knetd)SH +/Times-Roman SF +18200 XM +(\050old\051 software for inetd-like multiplexing of a single TCP listening port)SH +/Times-Bold SF +7200 29868 MT +(appl/sample)SH +/Times-Roman SF +18200 XM +(sample application servers and clients)SH +/Times-Bold SF +7200 31563 MT +(appl/tftp)SH +/Times-Roman SF +18200 XM +(Trivial File Transfer Protocol, using Kerberos)SH +/Times-Bold SF +7200 33258 MT +(include)SH +/Times-Roman SF +18200 XM +(include files)SH +/Times-Bold SF +7200 34953 MT +(kadmin)SH +/Times-Roman SF +18200 XM +(remote administrative interface to the Kerberos master database)SH +/Times-Bold SF +7200 36648 MT +(kuser)SH +/Times-Roman SF +18200 XM +(assorted user programs)SH +/Times-Bold SF +7200 38343 MT +(lib)SH +/Times-Roman SF +18200 XM +(libraries for use with/by Kerberos)SH +/Times-Bold SF +7200 40038 MT +(lib/acl)SH +/Times-Roman SF +18200 XM +(Access Control List library)SH +/Times-Bold SF +7200 41733 MT +(lib/des)SH +/Times-Roman SF +18200 XM +(Data Encryption Standard library \050US only\051)SH +/Times-Bold SF +7200 43428 MT +(lib/kadm)SH +/Times-Roman SF +18200 XM +(administrative interface library)SH +/Times-Bold SF +7200 45123 MT +(lib/kdb)SH +/Times-Roman SF +18200 XM +(Kerberos server library interface to)SH +/Times-Italic SF +33925 XM +(ndbm)SH +/Times-Bold SF +7200 46818 MT +(lib/knet)SH +/Times-Roman SF +18200 XM +(\050old\051 library for use with)SH +/Times-Bold SF +29349 XM +(knetd)SH +7200 48513 MT +(lib/krb)SH +/Times-Roman SF +18200 XM +(Kerberos library)SH +/Times-Bold SF +7200 50208 MT +(man)SH +/Times-Roman SF +18200 XM +(manual pages)SH +/Times-Bold SF +7200 51903 MT +(prototypes)SH +/Times-Roman SF +18200 XM +(sample configuration files)SH +/Times-Bold SF +7200 53598 MT +(server)SH +/Times-Roman SF +18200 XM +(the authentication server)SH +/Times-Bold SF +7200 55293 MT +(slave)SH +/Times-Roman SF +18200 XM +(Kerberos slave database propagation software)SH +/Times-Bold SF +7200 56988 MT +(tools)SH +/Times-Roman SF +18200 XM +(shell scripts for maintaining the source tree)SH +/Times-Bold SF +7200 58683 MT +(util)SH +/Times-Roman SF +18200 XM +(utilities)SH +/Times-Bold SF +7200 60378 MT +(util/imake)SH +/Times-Roman SF +18200 XM +(Imakefile-to-Makefile ``compilation'' tool)SH +/Times-Bold SF +7200 62073 MT +(util/ss)SH +/Times-Roman SF +18200 XM +(Sub-system library \050for command line subsystems\051)SH +/Times-Bold SF +7200 63768 MT +(util/et)SH +/Times-Roman SF +18200 XM +(Error-table library \050for independent, unique error codes\051)SH +/Times-Bold SF +7200 65463 MT +(util/makedepend)SH +/Times-Roman SF +18200 XM +(Makefile dependency generator tool)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(1)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 2 3 +BS +0 SI +14 /Times-Bold AF +7200 8167 MT +(1.1 The)350 W +/Times-BoldItalic SF +12334 XM +(admin)SH +/Times-Bold SF +16340 XM +(Directory)SH +11 /Times-Roman AF +7200 10362 MT +(This directory contains source for the Kerberos master database administration tools.)SH +/Times-Bold SF +7200 12313 MT +(kdb_init)SH +/Times-Roman SF +18200 XM +(This program creates and initializes the Kerberos master database. It prompts)SH +18200 13509 MT +(for a Kerberos realmname, and the Kerberos master password.)SH +/Times-Bold SF +7200 15204 MT +(kstash)SH +/Times-Roman SF +18200 XM +(This program ``stashes'' the master password in the file)SH +/Times-Italic SF +43033 XM +(/.k)SH +/Times-Roman SF +44377 XM +(so that the master)SH +18200 16400 MT +(server machine can restart the Kerberos server automatically after an unattended)SH +18200 17596 MT +(reboot. The) +275 W( hidden password is also available to administrative programs that)SH +18200 18792 MT +(have been set to run automatically.)SH +/Times-Bold SF +7200 20487 MT +(kdb_edit)SH +/Times-Roman SF +18200 XM +(This program is a low-level tool for editing the master database.)SH +/Times-Bold SF +7200 22182 MT +(kdb_destroy)SH +/Times-Roman SF +18200 XM +(This program deletes the master database.)SH +/Times-Bold SF +7200 23877 MT +(kdb_util)SH +/Times-Roman SF +18200 XM +(This program can be used to dump the master database into an ascii file, and can)SH +18200 25073 MT +(also be used to load the ascii file into the master database.)SH +/Times-Bold SF +7200 26768 MT +(ext_srvtab)SH +/Times-Roman SF +18200 XM +(This program extracts information from the master database and creates a host-)SH +18200 27964 MT +(dependent)SH +/Times-Italic SF +22995 XM +(srvtab)SH +/Times-Roman SF +26020 XM +(file. This) +275 W( file contains the Kerberos keys for the host's)SH +18200 29160 MT +(``Kerberized'' services. These services look up their keys in the)SH +/Times-Italic SF +46846 XM +(srvtab)SH +/Times-Roman SF +49871 XM +(file for)SH +18200 30356 MT +(use in the authentication process.)SH +14 /Times-Bold AF +7200 34203 MT +(1.2 The)350 W +/Times-BoldItalic SF +12334 XM +(kuser)SH +/Times-Bold SF +15874 XM +(Directory)SH +11 /Times-Roman AF +7200 36398 MT +(This directory contains the source code for several user-oriented programs.)SH +/Times-Bold SF +7200 38349 MT +(kinit)SH +/Times-Roman SF +18200 XM +(This program prompts users for their usernames and Kerberos passwords, then)SH +18200 39545 MT +(furnishes them with Kerberos ticket-granting tickets.)SH +/Times-Bold SF +7200 41240 MT +(kdestroy)SH +/Times-Roman SF +18200 XM +(This program destroys any active tickets. Users should use)SH +/Times-Italic SF +44563 XM +(kdestroy)SH +/Times-Roman SF +48564 XM +(before they)SH +18200 42436 MT +(log off their workstations.)SH +/Times-Bold SF +7200 44131 MT +(klist)SH +/Times-Roman SF +18200 XM +(This program lists a user's active tickets.)SH +/Times-Bold SF +7200 45826 MT +(ksrvtgt)SH +/Times-Roman SF +18200 XM +(This retrieves a ticket-granting ticket with a life time of five minutes, using a)SH +18200 47022 MT +(server's secret key in lieu of a password. It is primarily for use in shell scripts)SH +18200 48218 MT +(and other batch facilities.)SH +/Times-Bold SF +7200 49913 MT +(ksu)SH +/Times-Roman SF +18200 XM +(Substitute user id, using Kerberos to mediate attempts to change to ``root''.)SH +14 /Times-Bold AF +7200 53760 MT +(1.3 The)350 W +/Times-BoldItalic SF +12334 XM +(appl)SH +/Times-Bold SF +15173 XM +(Directory)SH +11 /Times-Roman AF +7200 55955 MT +(If your site has the appropriate BSD license, your Kerberos release provides certain Unix utilities The)SH +7200 57151 MT +(Berkeley programs that have been modified to use Kerberos authentication are found in the)SH +/Times-Italic SF +47640 XM +(appl/bsd)SH +/Times-Roman SF +7200 58347 MT +(directory. They) +275 W( include)SH +/Times-Italic SF +18043 XM +(login)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +20855 XM +(rlogin)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +24095 XM +(rsh)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +27914 XM +(rcp)SH +/Times-Roman SF +(, as well as the associated daemon programs)SH +/Times-Italic SF +49081 XM +(kshd)SH +/Times-Roman SF +51372 XM +(and)SH +/Times-Italic SF +7200 59543 MT +(klogind)SH +/Times-Roman SF +(. The)275 W +/Times-Italic SF +13310 XM +(login)SH +/Times-Roman SF +15847 XM +(program obtains ticket-granting tickets for users upon login; the other utilities provide)SH +7200 60739 MT +(authenticated Unix network services.)SH +7200 63037 MT +(The)SH +/Times-Italic SF +9185 XM +(appl)SH +/Times-Roman SF +11416 XM +(directory also contains samples Kerberos application client and server programs, an)SH +7200 64233 MT +(authenticated)SH +/Times-Italic SF +13339 XM +(tftp)SH +/Times-Roman SF +15082 XM +(program,)SH +/Times-Italic SF +19358 XM +(knetd)SH +/Times-Roman SF +(, an authenticated inet daemon.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(2)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 3 4 +BS +0 SI +14 /Times-Bold AF +7200 8167 MT +(1.4 The)350 W +/Times-BoldItalic SF +12334 XM +(server)SH +/Times-Bold SF +16185 XM +(Directory)SH +11 /Times-Roman AF +7200 10362 MT +(The)SH +/Times-Italic SF +9185 XM +(server)SH +/Times-Roman SF +12208 XM +(directory contains the Kerberos KDC server, called)SH +/Times-Italic SF +35052 XM +(kerberos)SH +/Times-Roman SF +(. This) +275 W( program manages read-)SH +7200 11558 MT +(only requests made to the master database, distributing tickets and encryption keys to clients requesting)SH +7200 12754 MT +(authentication service.)SH +14 /Times-Bold AF +7200 16601 MT +(1.5 The)350 W +/Times-BoldItalic SF +12334 XM +(kadmin)SH +/Times-Bold SF +17040 XM +(Directory)SH +11 /Times-Roman AF +7200 18796 MT +(The)SH +/Times-Italic SF +9185 XM +(kadmin)SH +/Times-Roman SF +12698 XM +(directory contains the Kerberos administration server and associated client programs. The)SH +7200 19992 MT +(server accepts network requests from the user program)SH +/Times-Italic SF +31570 XM +(kpasswd)SH +/Times-Roman SF +35573 XM +(\050used to change a user's password\051, the)SH +7200 21188 MT +(Kerberos administration program)SH +/Times-Italic SF +22137 XM +(kadmin)SH +/Times-Roman SF +(, and the srvtab utility program)SH +/Times-Italic SF +39276 XM +(ksrvutil)SH +/Times-Roman SF +(. The) +275 W( administration)SH +7200 22384 MT +(server can make modifications to the master database.)SH +14 /Times-Bold AF +7200 26231 MT +(1.6 The)350 W +/Times-BoldItalic SF +12334 XM +(include)SH +/Times-Bold SF +16962 XM +(Directory)SH +11 /Times-Roman AF +7200 28426 MT +(This directory contains the)SH +/Times-Italic SF +19236 XM +(include)SH +/Times-Roman SF +22749 XM +(files needed to build the Kerberos system.)SH +14 /Times-Bold AF +7200 32273 MT +(1.7 The)350 W +/Times-BoldItalic SF +12334 XM +(lib)SH +/Times-Bold SF +14162 XM +(Directory)SH +11 /Times-Roman AF +7200 34468 MT +(The)SH +/Times-Italic SF +9185 XM +(lib)SH +/Times-Roman SF +10622 XM +(directory has six subdirectories:)SH +/Times-Italic SF +25193 XM +(acl)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +27087 XM +(des)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +29103 XM +(kadm)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +32035 XM +(kdb)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +34173 XM +(knet)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +38418 XM +(krb)SH +/Times-Roman SF +(. The)275 W +/Times-Italic SF +42694 XM +(des)SH +/Times-Roman SF +44435 XM +(directory contains)SH +7200 35664 MT +(source for the DES encryption library. The)SH +/Times-Italic SF +26595 XM +(kadm)SH +/Times-Roman SF +29252 XM +(directory contains source for the Kerberos)SH +7200 36860 MT +(administration server utility library. The)SH +/Times-Italic SF +25439 XM +(kdb)SH +/Times-Roman SF +27302 XM +(directory contains source for the Kerberos database routine)SH +7200 38056 MT +(library. The)275 W +/Times-Italic SF +12942 XM +(knet)SH +/Times-Roman SF +15049 XM +(directory contains source for a library used by clients of the)SH +/Times-Italic SF +41530 XM +(knetd)SH +/Times-Roman SF +44187 XM +(server. The)275 W +/Times-Italic SF +49683 XM +(krb)SH +/Times-Roman SF +7200 39252 MT +(directory contains source for the)SH +/Times-Italic SF +21707 XM +(libkrb.a)SH +/Times-Roman SF +25435 XM +(library. This) +275 W( library contains routines that are used by the)SH +7200 40448 MT +(Kerberos server program, and by applications programs that require authentication service.)SH +14 /Times-Bold AF +7200 44295 MT +(1.8 The)350 W +/Times-BoldItalic SF +12334 XM +(man)SH +/Times-Bold SF +15251 XM +(Directory)SH +11 /Times-Roman AF +7200 46490 MT +(This directory contains manual pages for Kerberos programs and library routines.)SH +14 /Times-Bold AF +7200 50337 MT +(1.9 The)350 W +/Times-BoldItalic SF +12334 XM +(prototypes)SH +/Times-Bold SF +18596 XM +(Directory)SH +11 /Times-Roman AF +7200 52532 MT +(This directory contains prototype)SH +/Times-Italic SF +22108 XM +(/etc/services)SH +/Times-Roman SF +27819 XM +(and)SH +/Times-Italic SF +29682 XM +(/etc/krb.conf)SH +/Times-Roman SF +35486 XM +(files. New) +275 W( entries must be added to the)SH +/Times-Italic SF +7200 53728 MT +(/etc/services)SH +/Times-Roman SF +12911 XM +(file for the Kerberos server, and possibly for Kerberized applications \050)SH +/Times-Italic SF +(services.append)SH +/Times-Roman SF +7200 54924 MT +(contains the entries used by the Athena-provided servers & applications, and is suitable for appending to)SH +7200 56120 MT +(your existing)SH +/Times-Italic SF +13250 XM +(/etc/services)SH +/Times-Roman SF +18961 XM +(file.\051. The)275 W +/Times-Italic SF +23878 XM +(/etc/krb.conf)SH +/Times-Roman SF +29682 XM +(file defines the local Kerberos realm for its host and)SH +7200 57316 MT +(lists Kerberos servers for given realms. The)SH +/Times-Italic SF +26961 XM +(/etc/krb.realms)SH +/Times-Roman SF +33865 XM +(file defines exceptions for mapping machine)SH +7200 58512 MT +(names to Kerberos realms.)SH +14 /Times-Bold AF +7200 62359 MT +(1.10 The)350 W +/Times-BoldItalic SF +13034 XM +(tools)SH +/Times-Bold SF +16107 XM +(Directory)SH +11 /Times-Roman AF +7200 64554 MT +(This directory contains a makefile to set up a directory tree for building the software in, and a shell script)SH +7200 65750 MT +(to format code in the style we use.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(3)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 4 5 +BS +0 SI +14 /Times-Bold AF +7200 8167 MT +(1.11 The)350 W +/Times-BoldItalic SF +13034 XM +(util)SH +/Times-Bold SF +15329 XM +(Directory)SH +11 /Times-Roman AF +7200 10362 MT +(This directory contains several utility programs and libraries. Included are Larry Wall's)SH +/Times-Italic SF +46296 XM +(patch)SH +/Times-Roman SF +49015 XM +(program, a)SH +/Times-Italic SF +7200 11558 MT +(make)SH +/Times-Roman SF +9795 XM +(pre-processor program called)SH +/Times-Italic SF +22956 XM +(imake)SH +/Times-Roman SF +(, and a program for generating Makefile dependencies,)SH +/Times-Italic SF +7200 12754 MT +(makedepend)SH +/Times-Roman SF +(, as well as the Sub-system library and utilities \050)SH +/Times-Italic SF +(ss)SH +/Times-Roman SF +(\051, and the Error table library and utilities)SH +7200 13950 MT +(\050)SH +/Times-Italic SF +(et)SH +/Times-Roman SF +(\051.)SH +16 /Times-Bold AF +7200 18622 MT +(2. Preparing) +400 W( for Installation)SH +11 /Times-Roman AF +7200 20817 MT +(This document assumes that you will build the system on the machine on which you plan to install the)SH +7200 22013 MT +(Kerberos master server and its database. You'll need about 10 megabytes for source and executables.)SH +7200 24311 MT +(By default, there must be a)SH +/Times-Italic SF +19327 XM +(/kerberos)SH +/Times-Roman SF +23756 XM +(directory on the master server machine in which to store the)SH +7200 25507 MT +(Kerberos database files. If the master server machine does not have room on its root partition for these)SH +7200 26703 MT +(files, create a)SH +/Times-Italic SF +13306 XM +(/kerberos)SH +/Times-Roman SF +17735 XM +(symbolic link to another file system.)SH +16 /Times-Bold AF +7200 31375 MT +(3. Preparing) +400 W( for the Build)SH +11 /Times-Roman AF +7200 33570 MT +(Before you build the system, you have to choose a)SH +/Times-Bold SF +29653 XM +(realm name)SH +/Times-Roman SF +(, the name that specifies the system's)SH +7200 34766 MT +(administrative domain. Project Athena uses the internet domain name ATHENA.MIT.EDU to specify its)SH +7200 35962 MT +(Kerberos realm name. We recommend using a name of this form.)SH +/Times-Bold SF +36857 XM +(NOTE:)SH +/Times-Roman SF +40616 XM +(the realm-name is case)SH +7200 37158 MT +(sensitive; by convention, we suggest that you use your internet domain name, in capital letters.)SH +7200 39456 MT +(Edit the [SOURCE_DIR]/)SH +/Times-Italic SF +(include/krb.h)SH +/Times-Roman SF +24860 XM +(file and look for the following lines of code:)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(4)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 5 6 +BS +0 SI +11 /Courier AF +8520 7886 MT +(/*)SH +9180 9000 MT +(* Kerberos specific definitions)SH +9180 10114 MT +(*)SH +9180 11228 MT +(* KRBLOG is the log file for the kerberos master server.)SH +9180 12342 MT +(* KRB_CONF is the configuration file where different host)SH +9180 13456 MT +(* machines running master and slave servers can be found.)SH +9180 14570 MT +(* KRB_MASTER is the name of the machine with the master)SH +9180 15684 MT +(* database. The admin_server runs on this machine, and all)SH +9180 16798 MT +(* changes to the db \050as opposed to read-only requests, which)SH +9180 17912 MT +(* can go to slaves\051 must go to it.)SH +9180 19026 MT +(* KRB_HOST is the default machine when looking for a kerberos)SH +9180 20140 MT +(* slave server. Other possibilities are in the KRB_CONF file.)SH +9180 21254 MT +(* KRB_REALM is the name of the realm.)SH +9180 22368 MT +(*/)SH +8520 24596 MT +(#ifdef notdef)SH +8520 25710 MT +(this is server-only, does not belong here;)SH +8520 26824 MT +(#define KRBLOG) +3960 W( "/kerberos/kerberos.log")5940 W +8520 27938 MT +(are these used anyplace '?';)SH +8520 29052 MT +(#define VX_KRB_HSTFILE) +9240 W( "/etc/krbhst")660 W +8520 30166 MT +(#define PC_KRB_HSTFILE) +9240 W( "\134\134kerberos\134\134krbhst")660 W +8520 31280 MT +(#endif)SH +8520 33508 MT +(#define KRB_CONF) +9240 W( "/etc/krb.conf")4620 W +8520 34622 MT +(#define KRB_RLM_TRANS) +9240 W( "/etc/krb.realms")1320 W +8520 35736 MT +(#define KRB_MASTER) +9240 W( "kerberos")3300 W +8520 36850 MT +(#define KRB_HOST) +9240 W( KRB_MASTER)5280 W +8520 37964 MT +(#define KRB_REALM) +9240 W( "ATHENA.MIT.EDU")3960 W +/Times-Roman SF +7200 39559 MT +(Edit the last line as follows:)SH +9400 41510 MT +(1.)SH +10500 XM +(Change the KRB_REALM definition so that it specifies the realm name you have chosen)SH +10500 42706 MT +(for your Kerberos system. This is a default which is usually overridden by a configuration)SH +10500 43902 MT +(file on each machine; however, if that config file is absent, many programs will use this)SH +10500 45098 MT +("built-in" realm name.)SH +14 /Times-Bold AF +7200 48945 MT +(3.1 The)350 W +/Times-BoldItalic SF +12334 XM +(/etc/krb.conf)SH +/Times-Bold SF +19956 XM +(File)SH +11 /Times-Roman AF +7200 51140 MT +(Create a)SH +/Times-Italic SF +11108 XM +(/etc/krb.conf)SH +/Times-Roman SF +16912 XM +(file using the following format:)SH +/Times-BoldItalic SF +8520 52740 MT +(realm_name)SH +8520 53854 MT +(realm_name master_server_name)1045 W +/Courier SF +25594 XM +(admin server)SH +/Times-Roman SF +7200 55449 MT +(where)SH +/Times-Italic SF +10161 XM +(realm_name)SH +/Times-Roman SF +15934 XM +(specifies the system's realm name, and)SH +/Times-Italic SF +33375 XM +(master_server_name)SH +/Times-Roman SF +42874 XM +(specifies the machine)SH +7200 56645 MT +(name on which you will run the master server. The words 'admin server' must appear next to the name of)SH +7200 57841 MT +(the server on which you intend to run the administration server \050which must be a machine with access to)SH +7200 59037 MT +(the database\051.)SH +7200 61335 MT +(For example, if your realm name is)SH +/Times-Italic SF +22962 XM +(tim.edu)SH +/Times-Roman SF +26506 XM +(and your master server's name is)SH +/Times-Italic SF +41288 XM +(kerberos.tim.edu)SH +/Times-Roman SF +(, the file)SH +7200 62531 MT +(should have these contents:)SH +/Courier SF +8520 64057 MT +(tim.edu)SH +8520 65171 MT +(tim.edu kerberos.tim.edu) +660 W( admin server)SH +/Times-Roman SF +7200 67469 MT +(See the [SOURCE_DIR]/)SH +/Times-Italic SF +(prototypes/etc.krb.conf)SH +/Times-Roman SF +28921 XM +(file for an example)SH +/Times-Italic SF +37533 XM +(/etc/krb.conf)SH +/Times-Roman SF +43337 XM +(file. That) +275 W( file has)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(5)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 6 7 +BS +0 SI +11 /Times-Roman AF +7200 7955 MT +(examples of how to provide backup servers for a given realm \050additional lines with the same leading)SH +7200 9151 MT +(realm name\051 and how to designate servers for remote realms.)SH +14 /Times-Bold AF +7200 12998 MT +(3.2 The)350 W +/Times-BoldItalic SF +12334 XM +(/etc/krb.realms)SH +/Times-Bold SF +21280 XM +(File)SH +11 /Times-Roman AF +7200 15193 MT +(In many situations, the default realm in which a host operates will be identical to the domain portion its)SH +7200 16389 MT +(Internet domain name.)SH +7200 18687 MT +(If this is not the case, you will need to establish a translation from host name or domain name to realm)SH +7200 19883 MT +(name. This) +275 W( is accomplished with the)SH +/Times-Italic SF +23820 XM +(/etc/krb.realms)SH +/Times-Roman SF +30724 XM +(file.)SH +7200 22181 MT +(Each line of the translation file specifies either a hostname or domain name, and its associated realm:)SH +/Courier SF +8520 23707 MT +(.domain.name kerberos.realm1)SH +8520 24821 MT +(host.name kerberos.realm2)SH +/Times-Roman SF +7200 26416 MT +(For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 but the host)SH +7200 27612 MT +(FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read:)SH +/Courier SF +8520 29138 MT +(.LSC.TIM.EDU KRB.REALM1)SH +8520 30252 MT +(FILMS.LSC.TIM.EDU KRB.REALM2)SH +/Times-Roman SF +7200 31847 MT +(If a particular host matches both a domain and a host entry, the host entry takes precedence.)SH +16 /Times-Bold AF +7200 36519 MT +(4. Building) +400 W( the Software)SH +11 /Times-Roman AF +7200 38714 MT +(Before you build the software read the)SH +/Times-Bold SF +24395 XM +(README)SH +/Times-Roman SF +29558 XM +(file in [SOURCE_DIR]. What follows is a more)SH +7200 39910 MT +(detailed description of the instructions listed in README.)SH +9400 41861 MT +(1.)SH +10500 XM +(Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you are about to)SH +10500 43057 MT +(build, for example,)SH +/Times-Italic SF +19145 XM +(/mit/kerberos/obj)SH +/Times-Roman SF +(.)SH +9400 44951 MT +(2.)SH +10500 XM +(Change directory to [OBJ_DIR]. The following command creates directories under)SH +10500 46147 MT +([OBJ_DIR] and installs Makefiles for the final build.)SH +/Courier SF +11820 47724 MT +(host%)SH +/Times-Bold SF +15780 XM +(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR])275 W +/Times-Roman SF +9400 49618 MT +(3.)SH +10500 XM +(Change directory to util/imake.includes. Read through config.Imakefile, turning on)SH +10500 50814 MT +(appropriate flags for your installation. Change SRCTOP so that it is set to the top level of)SH +10500 52010 MT +(your source directory.)SH +9400 53904 MT +(4.)SH +10500 XM +(Check that your machine type has a definition in include/osconf.h & related files in the)SH +10500 55100 MT +(source tree \050if it doesn't, then you may need to create your own; if you get successful)SH +10500 56296 MT +(results, please post to kerberos@athena.mit.edu\051)SH +9400 58190 MT +(5.)SH +10500 XM +(Change directory to [OBJ_DIR]. The next command generates new Makefiles based on the)SH +10500 59386 MT +(configuration you selected in config.Imakefile, then adds dependency information to the)SH +10500 60582 MT +(Makefiles, and finally builds the system:)SH +/Courier SF +11820 62159 MT +(host%)SH +/Times-Bold SF +15780 XM +(make world)275 W +/Times-Roman SF +10500 63754 MT +(This command takes a while to complete; you may wish to redirect the output onto a file)SH +10500 64950 MT +(and put the job in the background:)SH +/Courier SF +11820 66527 MT +(host%)SH +/Times-Bold SF +15780 XM +(make world) +275 W( >&WORLDLOG_891201 &)SH +/Times-Roman SF +10500 68122 MT +(If you need to rebuild the Kerberos programs and libraries after making a change, you can)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(6)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 7 8 +BS +0 SI +11 /Times-Roman AF +10500 7955 MT +(usually just type:)SH +/Courier SF +11820 9532 MT +(host%)SH +/Times-Bold SF +15780 XM +(make all)275 W +/Times-Roman SF +10500 11127 MT +(However, if you changed the configuration in config.Imakefile or modified the Imakefiles)SH +10500 12323 MT +(or Makefiles, you should run)SH +/Times-Italic SF +23514 XM +(make world)SH +/Times-Roman SF +28952 XM +(to re-build all the Makefiles and dependency lists.)SH +14 /Times-Bold AF +7200 16141 MT +(4.1 Testing) +350 W( the DES Library)SH +11 /Times-Roman AF +7200 18336 MT +(Use the)SH +/Times-Italic SF +10804 XM +(verify)SH +/Times-Roman SF +13583 XM +(command to test the DES library implementation:)SH +/Courier SF +8520 19913 MT +(host%)SH +/Times-Bold SF +12480 XM +([OBJ_DIR]/lib/des/verify)SH +/Times-Roman SF +7200 21508 MT +(The command should display the following:)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(7)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 8 9 +BS +0 SI +11 /Courier AF +8520 7886 MT +(Examples per FIPS publication 81, keys ivs and cipher)SH +8520 9000 MT +(in hex. These are the correct answers, see below for)SH +8520 10114 MT +(the actual answers.)SH +8520 12342 MT +(Examples per Davies and Price.)SH +8520 14570 MT +(EXAMPLE ECB) +SH( key) +2640 W( = 08192a3b4c5d6e7f)SH +13800 15684 MT +(clear = 0)SH +13800 16798 MT +(cipher = 25 dd ac 3e 96 17 64 67)SH +8520 17912 MT +(ACTUAL ECB)SH +13800 19026 MT +(clear "")SH +13800 20140 MT +(cipher =) +660 W( \050low to high bytes\051)SH +19080 21254 MT +(25 dd ac 3e 96 17 64 67)SH +8520 23482 MT +(EXAMPLE ECB) +SH( key) +2640 W( = 0123456789abcdef)SH +13800 24596 MT +(clear = "Now is the time for all ")SH +13800 25710 MT +(cipher = 3f a4 0e 8a 98 4d 48 15 ...)SH +8520 26824 MT +(ACTUAL ECB)SH +13800 27938 MT +(clear "Now is the time for all ")SH +13800 29052 MT +(cipher =) +660 W( \050low to high bytes\051)SH +19080 30166 MT +(3f a4 0e 8a 98 4d 48 15)SH +8520 32394 MT +(EXAMPLE CBC) +SH( key) +2640 W( = 0123456789abcdef iv = 1234567890abcdef)SH +13800 33508 MT +(clear = "Now is the time for all ")SH +13800 34622 MT +(cipher =) +SH( e5) +4620 W( c7 cd de 87 2b f2 7c)SH +24360 35736 MT +(43 e9 34 00 8c 38 9c 0f)SH +24360 36850 MT +(68 37 88 49 9a 7c 05 f6)SH +8520 37964 MT +(ACTUAL CBC)SH +13800 39078 MT +(clear "Now is the time for all ")SH +13800 40192 MT +(ciphertext = \050low to high bytes\051)SH +19080 41306 MT +(e5 c7 cd de 87 2b f2 7c)SH +19080 42420 MT +(43 e9 34 00 8c 38 9c 0f)SH +19080 43534 MT +(68 37 88 49 9a 7c 05 f6)SH +19080 44648 MT +(00 00 00 00 00 00 00 00)SH +19080 45762 MT +(00 00 00 00 00 00 00 00)SH +19080 46876 MT +(00 00 00 00 00 00 00 00)SH +19080 47990 MT +(00 00 00 00 00 00 00 00)SH +19080 49104 MT +(00 00 00 00 00 00 00 00)SH +13800 50218 MT +(decrypted clear_text = "Now is the time for all ")SH +8520 51332 MT +(EXAMPLE CBC checksum) +SH( key) +1980 W( = 0123456789abcdef iv = 1234567890abcdef)SH +13800 52446 MT +(clear =) +SH( "7654321) +5280 W( Now is the time for ")SH +13800 53560 MT +(checksum 58) +4620 W( d2 e7 7e 86 06 27 33 or some part thereof)SH +8520 54674 MT +(ACTUAL CBC checksum)SH +19080 55788 MT +(encrypted cksum = \050low to high bytes\051)SH +19080 56902 MT +(58 d2 e7 7e 86 06 27 33)SH +/Times-Roman SF +7200 59200 MT +(If the)SH +/Times-Italic SF +9826 XM +(verify)SH +/Times-Roman SF +12605 XM +(command fails to display this information as specified above, the implementation of DES for)SH +7200 60396 MT +(your hardware needs to be adjusted. Your Kerberos system cannot work properly if your DES library)SH +7200 61592 MT +(fails this test.)SH +7200 63890 MT +(When you have finished building the software, you will find the executables in the object tree as follows:)SH +/Times-Bold SF +7200 65841 MT +([OBJ_DIR]/admin)SH +/Times-Italic SF +18200 XM +(ext_srvtab)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +23332 XM +(kdb_destroy)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +29258 XM +(kdb_edit)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +33596 XM +(kdb_init)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +37752 XM +(kdb_util)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +43771 XM +(kstash)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 67536 MT +([OBJ_DIR]/kuser)SH +/Times-Italic SF +18200 XM +(kdestroy)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +22476 XM +(kinit)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +24982 XM +(klist)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +27366 XM +(ksrvtgt)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +32773 XM +(ksu)SH +/Times-Roman SF +(.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(8)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 9 10 +BS +0 SI +11 /Times-Bold AF +7200 7955 MT +([OBJ_DIR]/server)SH +/Times-Italic SF +18200 XM +(kerberos)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 9650 MT +([OBJ_DIR]/appl/bsd)SH +/Times-Italic SF +18200 XM +(klogind)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +22050 XM +(kshd)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +24616 XM +(login.krb)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +29169 XM +(rcp)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +31185 XM +(rlogin)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +36288 XM +(rsh)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 11345 MT +([OBJ_DIR]/appl/knetd)SH +/Times-Italic SF +18200 XM +(knetd)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 13040 MT +([OBJ_DIR]/appl/sample)SH +/Times-Italic SF +18200 14236 MT +(sample_server)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +25164 XM +(sample_client)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +31824 XM +(simple_server)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +40407 XM +(simple_client)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 15931 MT +([OBJ_DIR]/appl/tftp)SH +/Times-Italic SF +18200 XM +(tcom)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +20888 XM +(tftpd)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +25319 XM +(tftp)SH +/Times-Roman SF +(.)SH +/Times-Bold SF +7200 17626 MT +([OBJ_DIR]/slave)SH +/Times-Italic SF +18200 XM +(kprop)SH +/Times-Roman SF +21041 XM +(and)SH +/Times-Italic SF +22904 XM +(kpropd)SH +/Times-Roman SF +(.)SH +16 /Times-Bold AF +7200 22298 MT +(5. Installing) +400 W( the Software)SH +11 /Times-Roman AF +7200 24493 MT +(To install the software, issue the)SH +/Times-Italic SF +21711 XM +(make install)SH +/Times-Roman SF +27333 XM +(command from the [OBJ_DIR] \050you need to be a privileged)SH +7200 25689 MT +(user in order to properly install the programs\051. Programs can either be installed in default directories, or)SH +7200 26885 MT +(under a given root directory, as described below.)SH +14 /Times-Bold AF +7200 30703 MT +(5.1 The) +350 W( ``Standard'' Places)SH +11 /Times-Roman AF +7200 32898 MT +(If you use the)SH +/Times-Italic SF +13492 XM +(make)SH +/Times-Roman SF +16087 XM +(command as follows:)SH +/Courier SF +8520 34475 MT +(host#)SH +/Times-Bold SF +12480 XM +(make install)275 W +/Times-Roman SF +7200 36070 MT +(the installation process will try to install the various parts of the system in ``standard'' directories. This)SH +7200 37266 MT +(process creates the ``standard'' directories as needed.)SH +7200 39564 MT +(The standard installation process copies things as follows:)SH +/Symbol SF +9169 41640 MT +(\267)SH +/Times-Roman SF +9950 XM +(The)SH +/Times-Italic SF +11935 XM +(include)SH +/Times-Roman SF +15448 XM +(files)SH +/Times-Italic SF +17617 XM +(krb.h)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +20458 XM +(des.h)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +23299 XM +(mit-copyright.h)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +30662 XM +(kadm.h)SH +/Times-Roman SF +34144 XM +(and)SH +/Times-Italic SF +36007 XM +(kadm_err.h)SH +/Times-Roman SF +41383 XM +(get copied to the)SH +/Times-Italic SF +9950 42836 MT +(/usr/include)SH +/Times-Roman SF +15481 XM +(directory.)SH +/Symbol SF +9169 44730 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos libraries)SH +/Times-Italic SF +20119 XM +(libdes.a)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +24122 XM +(libkrb.a)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +28125 XM +(libkdb.a)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +32250 XM +(libkadm.a)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +37169 XM +(libknet.a)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +43401 XM +(libacl.a)SH +/Times-Roman SF +47007 XM +(get)SH +9950 45926 MT +(copied to the)SH +/Times-Italic SF +15907 XM +(/usr/athena/lib)SH +/Times-Roman SF +22662 XM +(\050or wherever you pointed LIBDIR in config.Imakefile\051)SH +9950 47122 MT +(directory.)SH +/Symbol SF +9169 49016 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos master database utilities)SH +/Times-Italic SF +27085 XM +(kdb_init)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +31241 XM +(kdb_destroy)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +37167 XM +(kdb_edit)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +41505 XM +(kdb_util)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +45661 XM +(kstash)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +9950 50212 MT +(ext_srvtab)SH +/Times-Roman SF +14807 XM +(get copied to the)SH +/Times-Italic SF +22383 XM +(/usr/etc)SH +/Times-Roman SF +25958 XM +(\050DAEMDIR\051 directory.)SH +/Symbol SF +9169 52106 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos user utilities)SH +/Times-Italic SF +21924 XM +(kinit)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +24430 XM +(kdestroy)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +28706 XM +(klist)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +31090 XM +(ksrvtgt)SH +/Times-Roman SF +34359 XM +(and)SH +/Times-Italic SF +36222 XM +(ksu)SH +/Times-Roman SF +37963 XM +(get copied to the)SH +/Times-Italic SF +45539 XM +(/usr/athena)SH +/Times-Roman SF +9950 53302 MT +(\050PROGDIR\051 directory.)SH +/Symbol SF +9169 55196 MT +(\267)SH +/Times-Roman SF +9950 XM +(The modified Berkeley utilities)SH +/Times-Italic SF +24004 XM +(rsh)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +25960 XM +(rlogin)SH +/Times-Roman SF +28925 XM +(get copied to the)SH +/Times-Italic SF +36501 XM +(/usr/ucb)SH +/Times-Roman SF +40382 XM +(\050UCBDIR\051 directory;)SH +/Times-Italic SF +9950 56392 MT +(rcp)SH +/Times-Roman SF +11691 XM +(gets copied to the)SH +/Times-Italic SF +19695 XM +(/bin)SH +/Times-Roman SF +21682 XM +(\050SLASHBINDIR\051 directory; and)SH +/Times-Italic SF +36375 XM +(rlogind)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +40165 XM +(rshd)SH +/Times-Roman SF +(, and)SH +/Times-Italic SF +44534 XM +(login.krb)SH +/Times-Roman SF +48812 XM +(get)SH +9950 57588 MT +(copied to the)SH +/Times-Italic SF +15907 XM +(/usr/etc)SH +/Times-Roman SF +19482 XM +(\050DAEMDIR\051 directory. The old copies of the user programs are)SH +9950 58784 MT +(renamed)SH +/Times-Italic SF +14011 XM +(rsh.ucb)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +17830 XM +(rlogin.ucb)SH +/Times-Roman SF +22658 XM +(and)SH +/Times-Italic SF +24521 XM +(rcp.ucb)SH +/Times-Roman SF +(, respectively. The Kerberos versions of these)SH +9950 59980 MT +(programs are designed to fall back and execute the original versions if something prevents)SH +9950 61176 MT +(the Kerberos versions from succeeding.)SH +/Symbol SF +9169 63070 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos version of)SH +/Times-Italic SF +20944 XM +(tftp)SH +/Times-Roman SF +22687 XM +(and)SH +/Times-Italic SF +24550 XM +(tcom)SH +/Times-Roman SF +26963 XM +(get copied to the)SH +/Times-Italic SF +34539 XM +(/usr/athena)SH +/Times-Roman SF +39826 XM +(\050PROGDIR\051 directory;)SH +/Times-Italic SF +9950 64266 MT +(tftpd)SH +/Times-Roman SF +12243 XM +(gets copied to the)SH +/Times-Italic SF +20247 XM +(/etc)SH +/Times-Roman SF +22110 XM +(\050ETCDIR\051 directory.)SH +/Times-Italic SF +31884 XM +(tftp)SH +/Times-Roman SF +33627 XM +(and)SH +/Times-Italic SF +35490 XM +(tftpd)SH +/Times-Roman SF +37783 XM +(are installed set-uid to an)SH +9950 65462 MT +(unprivileged user \050user id of DEF_UID\051.)SH +/Symbol SF +9169 67356 MT +(\267)SH +/Times-Roman SF +9950 XM +(The)SH +/Times-Italic SF +11935 XM +(knetd)SH +/Times-Roman SF +14592 XM +(daemon gets copied to the)SH +/Times-Italic SF +26353 XM +(/usr/etc)SH +/Times-Roman SF +29928 XM +(\050DAEMDIR\051 directory.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(9)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 10 11 +BS +0 SI +11 /Symbol AF +9169 8080 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos server)SH +/Times-Italic SF +19201 XM +(kerberos)SH +/Times-Roman SF +(, the slave propagation software)SH +/Times-Italic SF +37343 XM +(kprop)SH +/Times-Roman SF +40184 XM +(and)SH +/Times-Italic SF +42047 XM +(kpropd)SH +/Times-Roman SF +(, and the)SH +9950 9276 MT +(administration server)SH +/Times-Italic SF +19542 XM +(kadmind)SH +/Times-Roman SF +23605 XM +(get copied to the)SH +/Times-Italic SF +31181 XM +(/usr/etc)SH +/Times-Roman SF +34756 XM +(\050SVRDIR, SVRDIR, and)SH +9950 10472 MT +(DAEMDIR\051 directory.)SH +/Symbol SF +9169 12366 MT +(\267)SH +/Times-Roman SF +9950 XM +(The remote administration tools)SH +/Times-Italic SF +24310 XM +(kpasswd)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +28588 XM +(ksrvutil)SH +/Times-Roman SF +32163 XM +(and)SH +/Times-Italic SF +34026 XM +(kadmin)SH +/Times-Roman SF +37539 XM +(get copied to the)SH +/Times-Italic SF +45115 XM +(/usr/athena)SH +/Times-Roman SF +9950 13562 MT +(\050PROGDIR\051 directory.)SH +/Symbol SF +9169 15456 MT +(\267)SH +/Times-Roman SF +9950 XM +(The Kerberos manual pages get installed in the appropriate)SH +/Times-Italic SF +36187 XM +(/usr/man)SH +/Times-Roman SF +40374 XM +(directories. Don't)275 W +9950 16652 MT +(forget to run)SH +/Times-Italic SF +15723 XM +(makewhatis)SH +/Times-Roman SF +21192 XM +(after installing the manual pages.)SH +14 /Times-Bold AF +7200 20470 MT +(5.2 ``Non-Standard'') +350 W( Installation)SH +11 /Times-Roman AF +7200 22665 MT +(If you'd rather install the software in a different location, you can use the)SH +/Times-Italic SF +39667 XM +(make)SH +/Times-Roman SF +42262 XM +(command as follows,)SH +7200 23861 MT +(where [DEST_DIR] specifies an alternate destination directory which will be used as the root for the)SH +7200 25057 MT +(installed programs, i.e. programs that would normally be installed in /usr/athena would be installed in)SH +7200 26253 MT +([DEST_DIR]/usr/athena.)SH +/Courier SF +8520 27830 MT +(host#)SH +/Times-Bold SF +12480 XM +(make install DESTDIR=[DEST_DIR])275 W +16 SS +7200 32502 MT +(6. Conclusion)400 W +11 /Times-Roman AF +7200 34697 MT +(Now that you have built and installed your Kerberos system, use the accompanying Kerberos Operation)SH +4030 50 44224 34897 UL +4398 50 48529 34897 UL +7200 35893 MT +(Notes to create a Kerberos Master database, install authenticated services, and start the Kerberos server.)SH +2566 50 7200 36093 UL +16 /Times-Bold AF +7200 40565 MT +(7. Acknowledgements)400 W +11 /Times-Roman AF +7200 42760 MT +(We'd like to thank Henry Mensch and Jon Rochlis for helping us debug this document.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30100 XM +(10)SH +47890 XM +(4 January 1990)SH +ES +%%Page: i 12 +BS +0 SI +14 /Times-Bold AF +25272 8138 MT +(Table of Contents)SH +13 SS +7200 9781 MT +(1. Organization) +325 W( of the Source Directory)SH +53350 XM +(1)SH +12 /Times-Roman AF +9000 11136 MT +(1.1 The)300 W +/Times-BoldItalic SF +13266 XM +(admin)SH +/Times-Roman SF +16701 XM +(Directory)SH +53400 XM +(2)SH +9000 12491 MT +(1.2 The)300 W +/Times-BoldItalic SF +13266 XM +(kuser)SH +/Times-Roman SF +16300 XM +(Directory)SH +53400 XM +(2)SH +9000 13846 MT +(1.3 The)300 W +/Times-BoldItalic SF +13266 XM +(appl)SH +/Times-Roman SF +15700 XM +(Directory)SH +53400 XM +(2)SH +9000 15201 MT +(1.4 The)300 W +/Times-BoldItalic SF +13266 XM +(server)SH +/Times-Roman SF +16566 XM +(Directory)SH +53400 XM +(3)SH +9000 16556 MT +(1.5 The)300 W +/Times-BoldItalic SF +13266 XM +(kadmin)SH +/Times-Roman SF +17301 XM +(Directory)SH +53400 XM +(3)SH +9000 17911 MT +(1.6 The)300 W +/Times-BoldItalic SF +13266 XM +(include)SH +/Times-Roman SF +17234 XM +(Directory)SH +53400 XM +(3)SH +9000 19266 MT +(1.7 The)300 W +/Times-BoldItalic SF +13266 XM +(lib)SH +/Times-Roman SF +14834 XM +(Directory)SH +53400 XM +(3)SH +9000 20621 MT +(1.8 The)300 W +/Times-BoldItalic SF +13266 XM +(man)SH +/Times-Roman SF +15767 XM +(Directory)SH +53400 XM +(3)SH +9000 21976 MT +(1.9 The)300 W +/Times-BoldItalic SF +13266 XM +(prototypes)SH +/Times-Roman SF +18634 XM +(Directory)SH +53400 XM +(3)SH +9000 23331 MT +(1.10 The)300 W +/Times-BoldItalic SF +13866 XM +(tools)SH +/Times-Roman SF +16501 XM +(Directory)SH +53400 XM +(3)SH +9000 24686 MT +(1.11 The)300 W +/Times-BoldItalic SF +13866 XM +(util)SH +/Times-Roman SF +15835 XM +(Directory)SH +53400 XM +(4)SH +13 /Times-Bold AF +7200 26329 MT +(2. Preparing) +325 W( for Installation)SH +53350 XM +(4)SH +7200 27972 MT +(3. Preparing) +325 W( for the Build)SH +53350 XM +(4)SH +12 /Times-Roman AF +9000 29327 MT +(3.1 The)300 W +/Times-BoldItalic SF +13266 XM +(/etc/krb.conf)SH +/Times-Roman SF +19801 XM +(File)SH +53400 XM +(5)SH +9000 30682 MT +(3.2 The)300 W +/Times-BoldItalic SF +13266 XM +(/etc/krb.realms)SH +/Times-Roman SF +20936 XM +(File)SH +53400 XM +(6)SH +13 /Times-Bold AF +7200 32325 MT +(4. Building) +325 W( the Software)SH +53350 XM +(6)SH +12 /Times-Roman AF +9000 33674 MT +(4.1 Testing) +300 W( the DES Library)SH +53400 XM +(7)SH +13 /Times-Bold AF +7200 35317 MT +(5. Installing) +325 W( the Software)SH +53350 XM +(9)SH +12 /Times-Roman AF +9000 36666 MT +(5.1 The) +300 W( ``Standard'' Places)SH +53400 XM +(9)SH +9000 38015 MT +(5.2 ``Non-Standard'') +300 W( Installation)SH +52800 XM +(10)SH +13 /Times-Bold AF +7200 39658 MT +(6. Conclusion)325 W +52700 XM +(10)SH +7200 41301 MT +(7. Acknowledgements)325 W +52700 XM +(10)SH +10 /Times-Roman AF +7200 75600 MT +(MIT Project Athena)SH +30461 XM +(i)SH +47890 XM +(4 January 1990)SH +ES +%%Trailer +%%Pages: 12 +%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol diff --git a/doc/old-V4-docs/installation.mss b/doc/old-V4-docs/installation.mss new file mode 100644 index 000000000..0a2ae7595 --- /dev/null +++ b/doc/old-V4-docs/installation.mss @@ -0,0 +1,681 @@ +@Comment[ $Source$] +@Comment[ $Author$] +@Comment[ $Id$] +@Comment[] +@device[postscript] +@make[report] +@comment[ +@DefineFont(HeadingFont, + P=, + B=, + I=, + R=) +] +@DefineFont(HeadingFont, + P=, + B=, + I=, + R=) +@Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], + IncrementedBy Use,Announced) +@Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], + IncrementedBy Use,Referenced [@1],Announced) +@Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], + IncrementedBy,Referenced [@A],Announced,Alias Chapter) +@Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias + Chapter) +@Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, + Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy + Use,Announced) +@Counter(AppendixSection,Within Appendix,TitleEnv HD2, + ContentsEnv tc2, + Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy + Use,Announced) +@Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, + Numbered [@#@:.@1 ],IncrementedBy Use, + Referenced [@#@:.@1 ]) +@Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, + ContentsEnv tc3, + Numbered [@#@:.@1 ],IncrementedBy Use, + Referenced [@#@:.@1 ]) +@Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, + Numbered [@#@:.@1 ],Referenced [@#@:.@1], + IncrementedBy Use) +@modify(CopyrightNotice, Fixed -1 inch, Flushright) +@Modify(Titlebox, Fixed 3.0 inches) +@Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) +@Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) +@Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) +@Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) +@Modify(Tc1, Above .5, Facecode B) +@Modify(Tc2, Above .25, Below .25, Facecode R) +@Modify(Tc3,Facecode R) +@Modify(Tc4,Facecode R) +@Modify(Itemize,Above 1line,Below 1line) +@Modify(Insert,LeftMargin +2, RightMargin +2) +@libraryfile[stable] +@comment[@Style(Font NewCenturySchoolBook, size 11)] +@Style(Font TimesRoman, size 11) +@Style(Spacing 1.1, indent 0) +@Style(leftmargin 1.0inch) +@Style(justification no) +@Style(BottomMargin 1.5inch) +@Style(ChangeBarLocation Right) +@Style(ChangeBars=off) +@pageheading[immediate] +@pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", +right = "@value(date)"] +@set[page = 0] +@blankspace[.5 inches] +@begin[group, size 20] +@begin(center) +@b[Kerberos Installation Notes] +@b[DRAFT] +@end[center] +@end(group) +@blankspace[.5 inches] +@begin[group, size 16] +@begin(center) +Bill Bryant +Jennifer Steiner +John Kohl +@blankspace[1 line] +Project Athena, MIT +@blankspace[.5 inches] +@b[Initial Release, January 24, 1989] +@i[(plus later patches through patchlevel 7)] +@end[center] +@end(group) +@begin[group, size 10] +@end[group] +@blankspace[.75 inches] + + +The release consists of three parts. + +The first part consists of the core Kerberos system, which was developed +at MIT and does not require additional licenses for us to distribute. +Included in this part are the Kerberos authentication server, the +Kerberos library, the +@i[ndbm] +database interface library, user programs, administration programs, +manual pages, some applications which use Kerberos for authentication, +and some utilities. + +The second part is the Data Encryption Standard (DES) library, which we +are distributing only within the United States. + +The third part contains Kerberos modifications to Sun's NFS, which we +distribute as ``context diffs'' to the Sun NFS source code. Its +distribution is controlled to provide an accounting of who has retrieved +the patches, so that Project Athena can comply with its agreements with +Sun regarding distribution of these changes. + +@newpage() +@chapter[Organization of the Source Directory] + +The Kerberos building and installation process, +as described in this document, +builds the binaries and executables from the files contained in the Kerberos +source tree, and deposits them in a separate object tree. +This is intended to easily support several different build trees from a +single source tree (this is useful if you support several machine +architectures). +We suggest that you copy the Kerberos sources into a +@i[/mit/kerberos/src] directory, +and create as well a @i[/mit/kerberos/obj] directory in which +to hold the executables. +In the rest of this document, we'll refer to the Kerberos +source and object directories as [SOURCE_DIR] +and [OBJ_DIR], respectively. + +Below is a brief overview of the organization of the complete +source directory. +More detailed descriptions follow. + +@begin[description] + +@b[admin]@\utilities for the Kerberos administrator + +@b[appl]@\applications that use Kerberos + +@b[appl/bsd]@\Berkeley's rsh/rlogin suite, using Kerberos + +@b[appl/knetd]@\(old) software for inetd-like multiplexing of a single +TCP listening port + +@b[appl/sample]@\sample application servers and clients + +@b[appl/tftp]@\Trivial File Transfer Protocol, using Kerberos + +@b[include]@\include files + +@b[kadmin]@\remote administrative interface to the Kerberos master database + +@b[kuser]@\assorted user programs + +@b[lib]@\libraries for use with/by Kerberos + +@b[lib/acl]@\Access Control List library + +@b[lib/des]@\Data Encryption Standard library (US only) + +@b[lib/kadm]@\administrative interface library + +@b[lib/kdb]@\Kerberos server library interface to @i[ndbm] + +@b[lib/knet]@\(old) library for use with @b[knetd] + +@b[lib/krb]@\Kerberos library + +@b[man]@\manual pages + +@b[prototypes]@\sample configuration files + +@b[server]@\the authentication server + +@b[slave]@\Kerberos slave database propagation software + +@b[tools]@\shell scripts for maintaining the source tree + +@b[util]@\utilities + +@b[util/imake]@\Imakefile-to-Makefile ``compilation'' tool + +@b[util/ss]@\Sub-system library (for command line subsystems) + +@b[util/et]@\Error-table library (for independent, unique error codes) + +@b[util/makedepend]@\Makefile dependency generator tool + +@end[description] + +@section[The @p(admin) Directory] + +This directory contains source for +the Kerberos master database administration tools. +@begin[description] +@b[kdb_init]@\This program creates and initializes the +Kerberos master database. +It prompts for a Kerberos realmname, and the Kerberos master password. + +@b[kstash]@\This program ``stashes'' the master password in the file +@i[/.k] so that the master server machine can restart the Kerberos +server automatically after an unattended reboot. +The hidden password is also available to administrative programs +that have been set to run automatically. + +@b[kdb_edit]@\This program is a low-level tool for editing +the master database. + +@b[kdb_destroy]@\This program deletes the master database. + +@b[kdb_util]@\This program can be used to dump the master database +into an ascii file, and can also be used to load the ascii file +into the master database. + +@b[ext_srvtab]@\This program extracts information from the master +database and creates a host-dependent @i[srvtab] file. +This file contains the Kerberos keys for the host's +``Kerberized'' services. +These services look up their keys in the @i[srvtab] file +for use in the authentication process. +@end[description] + +@section[The @p(kuser) Directory] + +This directory contains the source code for several user-oriented +programs. +@begin[description] +@b[kinit]@\This program prompts users for their usernames and +Kerberos passwords, then furnishes them with Kerberos ticket-granting +tickets. + +@b[kdestroy]@\This program destroys any active tickets. +Users should use @i[kdestroy] before they log off their workstations. + +@b[klist]@\This program lists a user's active tickets. + +@b[ksrvtgt]@\This retrieves a ticket-granting ticket with a life time +of five minutes, using a server's secret key in lieu of a password. It +is primarily for use in shell scripts and other batch facilities. + +@b[ksu]@\Substitute user id, using Kerberos to mediate attempts to +change to ``root''. +@end[description] + +@section[The @p(appl) Directory] + +If your site has the appropriate BSD license, +your Kerberos release provides certain Unix utilities +The Berkeley programs that have been modified to use Kerberos +authentication are found in the @i[appl/bsd] directory. +They include @i[login], @i[rlogin], @i[rsh], and @i[rcp], as well as the +associated daemon programs @i[kshd] and @i[klogind]. +The @i[login] program obtains ticket-granting tickets for users +upon login; the other utilities provide authenticated +Unix network services. + +The @i[appl] directory also contains samples Kerberos application +client and server programs, an authenticated @i[tftp] program, +@i[knetd], an authenticated inet daemon. + +@section[The @p(server) Directory] + +The @i[server] directory contains the Kerberos KDC server, called +@i[kerberos]. +This program manages read-only requests made to the +master database, +distributing tickets and encryption keys to clients requesting +authentication service. + +@section[The @p(kadmin) Directory] + +The @i[kadmin] directory contains the Kerberos administration server and +associated client programs. +The server accepts network requests from the +user program @i[kpasswd] (used to change a user's password), the +Kerberos administration program @i(kadmin), and the srvtab utility +program @i[ksrvutil]. +The administration server can make modifications to the master database. + +@section[The @p(include) Directory] + +This directory contains the @i[include] files needed to +build the Kerberos system. + +@section[The @p(lib) Directory] + +The @i[lib] directory has six subdirectories: +@i[acl], @i[des], @i[kadm], @i[kdb], @i[knet], and @i[krb]. +The @i[des] directory contains source for the DES encryption library. +The @i[kadm] directory contains source for the Kerberos administration +server utility library. +The @i[kdb] directory contains source for the Kerberos database +routine library. +The @i[knet] directory contains source for a library used by clients of +the @i[knetd] server. +The @i[krb] directory contains source for the @i[libkrb.a] +library. +This library contains routines that are used by the Kerberos server program, +and by applications programs that require authentication service. + +@section[The @p(man) Directory] + +This directory contains manual pages for Kerberos programs and +library routines. + +@section[The @p(prototypes) Directory] + +This directory contains prototype +@i[/etc/services] and @i[/etc/krb.conf] files. +New entries must be added to the @i[/etc/services] file for +the Kerberos server, and possibly for Kerberized applications +(@i[services.append] contains the entries used by the Athena-provided +servers & applications, and is suitable for appending to your existing +@i[/etc/services] file.). +The @i[/etc/krb.conf] file defines the local Kerberos realm +for its host and lists Kerberos servers for given realms. +The @i[/etc/krb.realms] file defines exceptions for mapping machine +names to Kerberos realms. + +@section[The @p(tools) Directory] + +This directory contains +a makefile to set up a directory tree +for building the software in, and +a shell script to format code in the +style we use. + + +@section[The @p(util) Directory] + +This directory contains several utility programs and libraries. +Included are Larry Wall's @i[patch] program, a @i[make] pre-processor +program called +@i[imake], and a program for generating Makefile dependencies, +@i[makedepend], as well as the Sub-system library and +utilities (@i[ss]), and the Error table library and utilities (@i[et]). + +@chapter[Preparing for Installation] + +This document assumes that you will build the system +on the machine on which you plan to install +the Kerberos master server and its database. +You'll need about 10 megabytes for source and executables. + +By default, there must be +a @i[/kerberos] directory on the master server machine +in which to store the Kerberos +database files. +If the master server machine does not have room on its root partition +for these files, +create a @i[/kerberos] symbolic link to another file system. + +@chapter[Preparing for the Build] + +Before you build the system, +you have to choose a @b[realm name], +the name that specifies the system's administrative domain. +Project Athena uses the internet domain name ATHENA.MIT.EDU +to specify its Kerberos realm name. +We recommend using a name of this form. +@b[NOTE:] the realm-name is case sensitive; by convention, we suggest +that you use your internet domain name, in capital letters. + +Edit the [SOURCE_DIR]/@i[include/krb.h] file and look for the following +lines of code: +@begin[example] +/* + * Kerberos specific definitions + * + * KRBLOG is the log file for the kerberos master server. + * KRB_CONF is the configuration file where different host + * machines running master and slave servers can be found. + * KRB_MASTER is the name of the machine with the master + * database. The admin_server runs on this machine, and all + * changes to the db (as opposed to read-only requests, which + * can go to slaves) must go to it. + * KRB_HOST is the default machine when looking for a kerberos + * slave server. Other possibilities are in the KRB_CONF file. + * KRB_REALM is the name of the realm. + */ + +#ifdef notdef +this is server-only, does not belong here; +#define KRBLOG "/kerberos/kerberos.log" +are these used anyplace '?'; +#define VX_KRB_HSTFILE "/etc/krbhst" +#define PC_KRB_HSTFILE "\\kerberos\\krbhst" +#endif + +#define KRB_CONF "/etc/krb.conf" +#define KRB_RLM_TRANS "/etc/krb.realms" +#define KRB_MASTER "kerberos" +#define KRB_HOST KRB_MASTER +#define KRB_REALM "ATHENA.MIT.EDU" +@end[example] +Edit the last line as follows: +@begin[enumerate] +Change the KRB_REALM definition so that it specifies the realm name +you have chosen for your Kerberos system. This is a default which is +usually overridden by a configuration file on each machine; however, if +that config file is absent, many programs will use this "built-in" realm +name. +@end[enumerate] + +@section[The @p(/etc/krb.conf) File] + +Create a @i[/etc/krb.conf] file using the following format: +@begin[example] +@p[realm_name] +@p[realm_name] @p[master_server_name] admin server +@end[example] +where @i[realm_name] specifies the system's realm name, +and @i[master_server_name] specifies the machine name on +which you will run the master server. The words 'admin server' must +appear next to the name of the server on which you intend to run the +administration server (which must be a machine with access to the database). + +For example, +if your realm name is @i[tim.edu] and your master server's name is +@i[kerberos.tim.edu], the file should have these contents: +@begin[example] +tim.edu +tim.edu kerberos.tim.edu admin server +@end[example] + +See the [SOURCE_DIR]/@i[prototypes/etc.krb.conf] file for an +example @i[/etc/krb.conf] file. That file has examples of how to +provide backup servers for a given realm (additional lines with the same +leading realm name) and how to designate servers for remote realms. + +@section[The @p(/etc/krb.realms) File] + +In many situations, the default realm in which a host operates will be +identical to the domain portion its Internet domain name. + +If this is not the case, you will need to establish a translation from +host name or domain name to realm name. This is accomplished with the +@i(/etc/krb.realms) file. + +Each line of the translation file specifies either a hostname or domain +name, and its associated realm: +@begin[example] +.domain.name kerberos.realm1 +host.name kerberos.realm2 +@end[example] +For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 +but the host FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read: +@begin[example] +.LSC.TIM.EDU KRB.REALM1 +FILMS.LSC.TIM.EDU KRB.REALM2 +@end[example] +If a particular host matches both a domain and a host entry, the host +entry takes precedence. + +@chapter[Building the Software] + +Before you build the software +read the @b[README] file in [SOURCE_DIR]. +What follows is a more detailed description of the instructions +listed in README. +@begin[enumerate] +Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you +are about to build, for example, +@i[/mit/kerberos/obj]. + +Change directory to [OBJ_DIR]. +The following command creates directories under [OBJ_DIR] +and installs Makefiles for the final build. +@begin[example, rightmargin -7] +host% @b(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR]) +@end[example] + + + +Change directory to util/imake.includes. Read through config.Imakefile, +turning on appropriate flags for your installation. Change SRCTOP so +that it is set to the top level of your source directory. + +Check that your machine type has a definition in include/osconf.h & +related files in the source tree (if it doesn't, then you may need to +create your own; if you get successful results, please post to +kerberos@@athena.mit.edu) + +Change directory to [OBJ_DIR]. The next command generates new Makefiles +based on the configuration you selected in config.Imakefile, then adds +dependency information to the Makefiles, and finally builds the system: +@begin[example, rightmargin -7] +host% @b(make world) +@end[example] +This command takes a while to complete; you may wish to redirect the +output onto a file and put the job in the background: +@begin[example, rightmargin -7] +host% @b(make world >&WORLDLOG_891201 &) +@end[example] +If you need to rebuild the Kerberos programs and libraries after making +a change, you can usually just type: +@begin[example, rightmargin -7] +host% @b(make all) +@end[example] +However, if you changed the configuration in config.Imakefile or modified +the Imakefiles or Makefiles, you should run @i[make world] to re-build +all the Makefiles and dependency lists. +@end(enumerate) + +@section[Testing the DES Library] + +Use the @i[verify] command to test the DES library +implementation: +@begin[example] +host% @b([OBJ_DIR]/lib/des/verify) +@end[example] +The command should display the following: +@begin[example, rightmargin -10] +Examples per FIPS publication 81, keys ivs and cipher +in hex. These are the correct answers, see below for +the actual answers. + +Examples per Davies and Price. + +EXAMPLE ECB key = 08192a3b4c5d6e7f + clear = 0 + cipher = 25 dd ac 3e 96 17 64 67 +ACTUAL ECB + clear "" + cipher = (low to high bytes) + 25 dd ac 3e 96 17 64 67 + +EXAMPLE ECB key = 0123456789abcdef + clear = "Now is the time for all " + cipher = 3f a4 0e 8a 98 4d 48 15 ... +ACTUAL ECB + clear "Now is the time for all " + cipher = (low to high bytes) + 3f a4 0e 8a 98 4d 48 15 + +EXAMPLE CBC key = 0123456789abcdef iv = 1234567890abcdef + clear = "Now is the time for all " + cipher = e5 c7 cd de 87 2b f2 7c + 43 e9 34 00 8c 38 9c 0f + 68 37 88 49 9a 7c 05 f6 +ACTUAL CBC + clear "Now is the time for all " + ciphertext = (low to high bytes) + e5 c7 cd de 87 2b f2 7c + 43 e9 34 00 8c 38 9c 0f + 68 37 88 49 9a 7c 05 f6 + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 00 + decrypted clear_text = "Now is the time for all " +EXAMPLE CBC checksum key = 0123456789abcdef iv = 1234567890abcdef + clear = "7654321 Now is the time for " + checksum 58 d2 e7 7e 86 06 27 33 or some part thereof +ACTUAL CBC checksum + encrypted cksum = (low to high bytes) + 58 d2 e7 7e 86 06 27 33 +@end[example] + +If the @i[verify] command fails to display this information as specified +above, the implementation of DES for your hardware needs to +be adjusted. +Your Kerberos system cannot work properly if your DES library +fails this test. + +When you have finished building the software, +you will find the executables in the object tree as follows: +@begin[description] +@b([OBJ_DIR]/admin)@\@i[ext_srvtab], @i[kdb_destroy], +@i[kdb_edit], @i[kdb_init], @i[kdb_util], and @i[kstash]. + +@b([OBJ_DIR]/kuser)@\@i[kdestroy], @i[kinit], @i[klist], @i[ksrvtgt], +and @i[ksu]. + +@b([OBJ_DIR]/server)@\@i[kerberos]. + +@b([OBJ_DIR]/appl/bsd)@\@i[klogind], @i[kshd], @i[login.krb], @i[rcp], +@i[rlogin], and @i[rsh]. + +@b([OBJ_DIR]/appl/knetd)@\@i[knetd]. + +@b([OBJ_DIR]/appl/sample)@\@i[sample_server], @i[sample_client], +@i[simple_server], and @i[simple_client]. + +@b([OBJ_DIR]/appl/tftp)@\@i[tcom], @i[tftpd], and @i[tftp]. + +@b([OBJ_DIR]/slave)@\@i[kprop] and @i[kpropd]. +@end[description] + +@chapter[Installing the Software] + +To install the software, issue the @i[make install] command from +the [OBJ_DIR] (you need to be a privileged user in order to +properly install the programs). +Programs can either be installed in default directories, or under +a given root directory, as described below. + +@section[The ``Standard'' Places] + +If you use the @i[make] command as follows: +@begin[example] +host# @b(make install) +@end[example] +the installation process will try to install the various parts of the +system in ``standard'' directories. +This process creates the ``standard'' directories as needed. + +The standard installation process copies things as follows: +@begin[itemize] +The @i[include] files @i[krb.h], @i[des.h], @i[mit-copyright.h], +@i[kadm.h] and @i[kadm_err.h] get copied to the +@i[/usr/include] directory. + +The Kerberos libraries @i[libdes.a], @i[libkrb.a], @i[libkdb.a], +@i[libkadm.a], @i[libknet.a], and @i[libacl.a] get copied +to the @i[/usr/athena/lib] (or wherever you pointed LIBDIR in +config.Imakefile) directory. + +The Kerberos master database utilities @i[kdb_init], @i[kdb_destroy], +@i[kdb_edit], @i[kdb_util], @i[kstash], and @i[ext_srvtab] get copied to +the @i[/usr/etc] (DAEMDIR) directory. + +The Kerberos user utilities @i[kinit], @i[kdestroy], @i[klist], +@i[ksrvtgt] and @i[ksu] get copied to the @i[/usr/athena] (PROGDIR) +directory. + +The modified Berkeley utilities @i[rsh], @i[rlogin] get copied to the +@i[/usr/ucb] (UCBDIR) directory; @i[rcp] gets copied to the @i[/bin] +(SLASHBINDIR) directory; and @i[rlogind], @i[rshd], and @i[login.krb] +get copied to the @i[/usr/etc] (DAEMDIR) directory. The old copies of +the user programs are renamed @i(rsh.ucb), @i(rlogin.ucb) and +@i(rcp.ucb), respectively. The Kerberos versions of these programs are +designed to fall back and execute the original versions if something +prevents the Kerberos versions from succeeding. + +The Kerberos version of @i[tftp] and @i[tcom] get copied to the +@i[/usr/athena] (PROGDIR) directory; @i[tftpd] gets copied to the +@i[/etc] (ETCDIR) directory. @i[tftp] and @i[tftpd] are installed +set-uid to an unprivileged user (user id of DEF_UID). + +The @i[knetd] daemon gets copied to the @i[/usr/etc] (DAEMDIR) directory. + +The Kerberos server @i[kerberos], the slave propagation software +@i[kprop] and @i[kpropd], and the administration server @i[kadmind] get +copied to the @i[/usr/etc] (SVRDIR, SVRDIR, and DAEMDIR) directory. + +The remote administration tools @i[kpasswd], @i[ksrvutil] and @i[kadmin] +get copied to the @i[/usr/athena] (PROGDIR) directory. + +The Kerberos manual pages get installed in the appropriate +@i[/usr/man] directories. Don't forget to run @i[makewhatis] +after installing the manual pages. + +@end[itemize] + +@section[``Non-Standard'' Installation] + +If you'd rather install the software in a different location, +you can use the @i[make] command as follows, +where [DEST_DIR] specifies an alternate destination directory +which will be used as the root for the installed programs, i.e. programs +that would normally be installed in /usr/athena would be installed in +[DEST_DIR]/usr/athena. +@begin[example] +host# @b(make install DESTDIR=[DEST_DIR]) +@end[example] + +@chapter[Conclusion] + +Now that you have built and installed your Kerberos system, +use the accompanying @u[Kerberos Operation Notes] +to create a Kerberos Master database, install authenticated services, +and start the Kerberos server. + +@chapter [Acknowledgements] + +We'd like to thank Henry Mensch and Jon Rochlis for helping us debug +this document. diff --git a/doc/old-V4-docs/operation.PS b/doc/old-V4-docs/operation.PS new file mode 100644 index 000000000..3afb8cf06 --- /dev/null +++ b/doc/old-V4-docs/operation.PS @@ -0,0 +1,2669 @@ +%!PS-Adobe-2.0 +%%Title: operation.mss +%%DocumentFonts: (atend) +%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) +%%CreationDate: 4 January 1990 11:55 +%%Pages: (atend) +%%EndComments +% PostScript Prelude for Scribe. +/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def +/ES {showpage SV restore} bind def +/SC {setrgbcolor} bind def +/FMTX matrix def +/RDF {WFT SLT 0.0 eq + {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} + {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} + ifelse makefont setfont} bind def +/SLT 0.0 def +/SI { /SLT exch cvr def RDF} bind def +/WFT /Courier findfont def +/SF { /WFT exch findfont def RDF} bind def +/SSZ 1000.0 def +/SS { /SSZ exch 100.0 mul def RDF} bind def +/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def +/MT /moveto load def +/XM {currentpoint exch pop moveto} bind def +/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto + setlinewidth 0.0 rlineto stroke grestore} bind def +/LH {gsave newpath moveto setlinewidth + 0.0 rlineto + gsave stroke grestore} bind def +/LV {gsave newpath moveto setlinewidth + 0.0 exch rlineto + gsave stroke grestore} bind def +/BX {gsave newpath moveto setlinewidth + exch + dup 0.0 rlineto + exch 0.0 exch neg rlineto + neg 0.0 rlineto + closepath + gsave stroke grestore} bind def +/BX1 {grestore} bind def +/BX2 {setlinewidth 1 setgray stroke grestore} bind def +/PB {/PV save def newpath translate + 100.0 -100.0 scale pop /showpage {} def} bind def +/PE {PV restore} bind def +/GB {/PV save def newpath translate rotate + div dup scale 100.0 -100.0 scale /showpage {} def} bind def +/GE {PV restore} bind def +/FB {dict dup /FontMapDict exch def begin} bind def +/FM {cvn exch cvn exch def} bind def +/FE {end /original-findfont /findfont load def /findfont + {dup FontMapDict exch known{FontMapDict exch get} if + original-findfont} def} bind def +/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def +/EC /grestore load def +/SH /show load def +/MX {exch show 0.0 rmoveto} bind def +/W {0 32 4 -1 roll widthshow} bind def +/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def +/RC {100.0 -100.0 scale +612.0 0.0 translate +-90.0 rotate +.01 -.01 scale} bind def +/URC {100.0 -100.0 scale +90.0 rotate +-612.0 0.0 translate +.01 -.01 scale} bind def +/RCC {100.0 -100.0 scale +0.0 -792.0 translate 90.0 rotate +.01 -.01 scale} bind def +/URCC {100.0 -100.0 scale +-90.0 rotate 0.0 792.0 translate +.01 -.01 scale} bind def +%%EndProlog +%%Page: 0 1 +BS +0 SI +20 /Times-Bold AF +19324 13788 MT +(Kerberos Operation Notes)SH +27156 15798 MT +(DRAFT)SH +16 /Times-Roman AF +27021 23502 MT +(Bill Bryant)SH +27289 25150 MT +(John Kohl)SH +23957 26798 MT +(Project Athena, MIT)SH +/Times-Bold SF +19489 32396 MT +(Initial Release, January 24, 1989)SH +/Times-Italic SF +17558 34044 MT +(\050plus later patches through patchlevel 7\051)SH +11 /Times-Roman AF +7200 43798 MT +(These notes assume that you have used the)SH +/Times-Italic SF +26322 XM +(Kerberos Installation Notes)SH +/Times-Roman SF +38821 XM +(to build and install your Kerberos)SH +7200 44994 MT +(system. As) +275 W( in that document, we refer to the directory that contains the built Kerberos binaries as)SH +7200 46190 MT +([OBJ_DIR].)SH +7200 48488 MT +(This document assumes that you are a Unix system manager.)SH +ES +%%Page: 1 2 +BS +0 SI +16 /Times-Bold AF +7200 8272 MT +(1. How) +400 W( Kerberos Works: A Schematic Description)SH +11 /Times-Roman AF +7200 10467 MT +(This section provides a simplified description of a general user's interaction with the Kerberos system.)SH +7200 11663 MT +(This interaction happens transparently--users don't need to know and probably don't care about what's)SH +7200 12859 MT +(going on--but Kerberos administrators might find a schematic description of the process useful. The)SH +7200 14055 MT +(description glosses over a lot of details; for more information, see)SH +/Times-Italic SF +36404 XM +(Kerberos: An Authentication Service)SH +7200 15251 MT +(for Open Network Systems)SH +/Times-Roman SF +(, a paper presented at Winter USENIX 1988, in Dallas, Texas.)SH +14 /Times-Bold AF +7200 19069 MT +(1.1 Network) +350 W( Services and Their Client Programs)SH +11 /Times-Roman AF +7200 21264 MT +(In an environment that provides network services, you use)SH +/Times-Italic SF +33164 XM +(client)SH +/Times-Roman SF +35883 XM +(programs to request service from)SH +/Times-Italic SF +50696 XM +(server)SH +/Times-Roman SF +7200 22460 MT +(programs that are somewhere on the network. Suppose you have logged in to a workstation and you want)SH +7200 23656 MT +(to)SH +/Times-Italic SF +8331 XM +(rlogin)SH +/Times-Roman SF +11296 XM +(to another machine. You use the local)SH +/Times-Italic SF +28493 XM +(rlogin)SH +/Times-Roman SF +31458 XM +(client program to contact the remote machine's)SH +/Times-Italic SF +7200 24852 MT +(rlogin)SH +/Times-Roman SF +10165 XM +(service daemon.)SH +14 /Times-Bold AF +7200 28670 MT +(1.2 Kerberos) +350 W( Tickets)SH +11 /Times-Roman AF +7200 30865 MT +(Under Kerberos, the)SH +/Times-Italic SF +16422 XM +(rlogin)SH +/Times-Roman SF +19387 XM +(service program allows a client to login to a remote machine if it can provide)SH +7200 32061 MT +(a Kerberos)SH +/Times-Bold SF +12268 XM +(ticket)SH +/Times-Roman SF +15169 XM +(for the request. This ticket proves the identity of the person who has used the client)SH +7200 33257 MT +(program to access the server program.)SH +14 /Times-Bold AF +7200 37075 MT +(1.3 The) +350 W( Kerberos Master Database)SH +11 /Times-Roman AF +7200 39270 MT +(Kerberos will give you tickets only if you have an entry in the Kerberos server's)SH +/Times-Bold SF +42845 XM +(master database)SH +/Times-Roman SF +(. Your)275 W +7200 40466 MT +(database entry includes your Kerberos username \050often referred to as your Kerberos)SH +/Times-Bold SF +44394 XM +(principal)SH +/Times-Roman SF +48949 XM +(name\051, and)SH +7200 41662 MT +(your Kerberos password. Every Kerberos user must have an entry in this database.)SH +14 /Times-Bold AF +7200 45480 MT +(1.4 The) +350 W( Ticket-Granting Ticket)SH +11 /Times-Roman AF +7200 47675 MT +(The)SH +/Times-Italic SF +9185 XM +(kinit)SH +/Times-Roman SF +11416 XM +(command prompts for your Kerberos username and password, and if you enter them)SH +7200 48871 MT +(successfully, you will obtain a Kerberos)SH +/Times-Italic SF +25131 XM +(ticket-granting ticket)SH +/Times-Roman SF +(. As) +275 W( illustrated below, client programs use)SH +7200 50067 MT +(this ticket to get other Kerberos tickets as needed.)SH +14 /Times-Bold AF +7200 53885 MT +(1.5 Network) +350 W( Services and the Master Database)SH +11 /Times-Roman AF +7200 56080 MT +(The master database also contains entries for all network services that require Kerberos authentication.)SH +7200 57276 MT +(Suppose for instance that your site has a machine)SH +/Times-Italic SF +29163 XM +(laughter)SH +/Times-Roman SF +33166 XM +(that requires Kerberos authentication from)SH +7200 58472 MT +(anyone who wants to)SH +/Times-Italic SF +16792 XM +(rlogin)SH +/Times-Roman SF +19757 XM +(to it. This service must be registered in the master database. Its entry)SH +7200 59668 MT +(includes the service's principal name, and its)SH +/Times-Bold SF +27238 XM +(instance)SH +/Times-Roman SF +(.)SH +7200 61966 MT +(The)SH +/Times-Italic SF +9185 XM +(instance)SH +/Times-Roman SF +13126 XM +(is the name of the service's machine; in this case, the service's instance is the name)SH +/Times-Italic SF +7200 63162 MT +(laughter)SH +/Times-Roman SF +(. The) +275 W( instance provides a means for Kerberos to distinguish between machines that provide the)SH +7200 64358 MT +(same service. Your site is likely to have more than one machine that provides)SH +/Times-Italic SF +41840 XM +(rlogin)SH +/Times-Roman SF +44805 XM +(service.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(1)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 2 3 +BS +0 SI +14 /Times-Bold AF +7200 8138 MT +(1.6 The) +350 W( User-Kerberos Interaction)SH +11 /Times-Roman AF +7200 10333 MT +(Suppose that you \050in the guise of a general user\051 walk up to a workstation intending to login to it, and)SH +7200 11529 MT +(then)SH +/Times-Italic SF +9369 XM +(rlogin)SH +/Times-Roman SF +12334 XM +(to the machine)SH +/Times-Italic SF +19085 XM +(laughter)SH +/Times-Roman SF +(. Here's) +275 W( what happens.)SH +9400 13480 MT +(1.)SH +10500 XM +(You login to the workstation and use the)SH +/Times-Italic SF +28648 XM +(kinit)SH +/Times-Roman SF +30879 XM +(command to to get a ticket-granting ticket.)SH +10500 14676 MT +(This command prompts you for your username \050your Kerberos Principal Name\051, and your)SH +10500 15872 MT +(Kerberos password [on some systems which use the new version of)SH +/Times-Italic SF +40465 XM +(/bin/login)SH +/Times-Roman SF +(, this may be)SH +10500 17068 MT +(done as part of the login process, not requiring the user to run a separate program].)SH +12762 19019 MT +(a.)SH +13800 XM +(The)SH +/Times-Italic SF +15785 XM +(kinit)SH +/Times-Roman SF +18016 XM +(command sends your request to the Kerberos master server machine. The)SH +13800 20215 MT +(server software looks for your principal name's entry in the Kerberos)SH +/Times-Bold SF +44555 XM +(master)SH +13800 21411 MT +(database)SH +/Times-Roman SF +(.)SH +12700 23305 MT +(b.)SH +13800 XM +(If this entry exists, the Kerberos server creates and returns a)SH +/Times-Italic SF +40430 XM +(ticket-granting ticket)SH +/Times-Roman SF +(,)SH +13800 24501 MT +(encrypted in your password. If)SH +/Times-Italic SF +27819 XM +(kinit)SH +/Times-Roman SF +30050 XM +(can decrypt the Kerberos reply using the)SH +13800 25697 MT +(password you provide, it stores this ticket in a)SH +/Times-Bold SF +34270 XM +(ticket file)SH +/Times-Roman SF +38912 XM +(on your local machine for)SH +13800 26893 MT +(later use. The ticket file to be used can be specified in the)SH +/Times-Bold SF +39609 XM +(KRBTKFILE)SH +/Times-Roman SF +13800 28089 MT +(environment variable. If this variable is not set, the name of the file will be)SH +/Times-Italic SF +13800 29285 MT +(/tmp/tkt)SH +/Times-BoldItalic SF +(uid)SH +/Times-Roman SF +(, where)SH +/Times-BoldItalic SF +22141 XM +(uid)SH +/Times-Roman SF +23884 XM +(is the UNIX user-id, represented in decimal.)SH +9400 31236 MT +(2.)SH +10500 XM +(Now you use the)SH +/Times-Italic SF +18198 XM +(rlogin)SH +/Times-Roman SF +21163 XM +(client to try to access the machine)SH +/Times-Italic SF +36344 XM +(laughter)SH +/Times-Roman SF +(.)SH +/Courier SF +11820 32813 MT +(host%)SH +/Times-Bold SF +15780 XM +(rlogin laughter)275 W +/Times-Roman SF +12762 34764 MT +(a.)SH +13800 XM +(The)SH +/Times-Italic SF +15785 XM +(rlogin)SH +/Times-Roman SF +18750 XM +(client checks your ticket file to see if you have a ticket for)SH +/Times-Italic SF +44559 XM +(laughter)SH +/Times-Roman SF +('s)SH +/Times-Italic SF +13800 35960 MT +(rcmd)SH +/Times-Roman SF +16335 XM +(service \050the rlogin program uses the)SH +/Times-Italic SF +32401 XM +(rcmd)SH +/Times-Roman SF +34936 XM +(service name, mostly for historical)SH +13800 37156 MT +(reasons\051. You) +275 W( don't, so)SH +/Times-Italic SF +24583 XM +(rlogin)SH +/Times-Roman SF +27548 XM +(uses the ticket file's)SH +/Times-Italic SF +36590 XM +(ticket-granting ticket)SH +/Times-Roman SF +46060 XM +(to make a)SH +13800 38352 MT +(request to the master server's ticket-granting service.)SH +12700 40246 MT +(b.)SH +13800 XM +(This ticket-granting service receives the)SH +/Times-Italic SF +31667 XM +(rcmd-laughter)SH +/Times-Roman SF +38296 XM +(request and looks in the)SH +13800 41442 MT +(master database for an)SH +/Times-Italic SF +23938 XM +(rcmd-laughter)SH +/Times-Roman SF +30567 XM +(entry. If) +275 W( that entry exists, the ticket-granting)SH +13800 42638 MT +(service issues you a ticket for that service. That ticket is also cached in your ticket)SH +13800 43834 MT +(file.)SH +12762 45728 MT +(c.)SH +13800 XM +(The)SH +/Times-Italic SF +15785 XM +(rlogin)SH +/Times-Roman SF +18750 XM +(client now uses that ticket to request service from the)SH +/Times-Italic SF +42454 XM +(laughter rlogin)SH +/Times-Roman SF +13800 46924 MT +(service program. The service program lets you)SH +/Times-Italic SF +34843 XM +(rlogin)SH +/Times-Roman SF +37808 XM +(if the ticket is valid.)SH +16 /Times-Bold AF +7200 51596 MT +(2. Setting) +400 W( Up and Testing the Kerberos Server)SH +11 /Times-Roman AF +7200 53791 MT +(The procedure for setting up and testing a Kerberos server is as follows:)SH +9400 55742 MT +(1.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kdb_init)SH +/Times-Roman SF +17985 XM +(command to create and initialize the master database.)SH +9400 57636 MT +(2.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kdb_edit)SH +/Times-Roman SF +18167 XM +(utility to add your username to the master database.)SH +9400 59530 MT +(3.)SH +10500 XM +(Start the Kerberos server.)SH +9400 61424 MT +(4.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kinit)SH +/Times-Roman SF +16335 XM +(command to obtain a Kerberos ticket-granting ticket.)SH +9400 63318 MT +(5.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(klist)SH +/Times-Roman SF +16213 XM +(command to verify that the)SH +/Times-Italic SF +28402 XM +(kinit)SH +/Times-Roman SF +30633 XM +(command authenticated you successfully.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(2)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 3 4 +BS +0 SI +14 /Times-Bold AF +7200 8138 MT +(2.1 Creating) +350 W( and Initializing the Master Database)SH +11 /Times-Roman AF +7200 10333 MT +(Login to the Kerberos master server machine, and use the)SH +/Times-Bold SF +32825 XM +(su)SH +/Times-Roman SF +34140 XM +(command to become root. If you installed)SH +7200 11529 MT +(the Kerberos administration tools with the)SH +/Times-Italic SF +26020 XM +(make install)SH +/Times-Roman SF +31642 XM +(command and the default pathnames, they should)SH +7200 12725 MT +(be in the)SH +/Times-Italic SF +11263 XM +(/usr/etc)SH +/Times-Roman SF +14838 XM +(directory. If) +275 W( you installed the tools in a different directory, hopefully you know what it)SH +7200 13921 MT +(is. From) +275 W( now on, we will refer to this directory as [ADMIN_DIR].)SH +7200 16219 MT +(The)SH +/Times-Italic SF +9185 XM +(kdb_init)SH +/Times-Roman SF +13066 XM +(command creates and initializes the master database. It asks you to enter the system's realm)SH +7200 17415 MT +(name and the database's master password. Do not forget this password. If you do, the database becomes)SH +7200 18611 MT +(useless. \050Your) +275 W( realm name should be substituted for [REALMNAME] below.\051)SH +7200 20909 MT +(Use)SH +/Times-Italic SF +9185 XM +(kdb_init)SH +/Times-Roman SF +13066 XM +(as follows:)SH +/Courier SF +8520 22486 MT +(host#)SH +/Times-Bold SF +12480 XM +([ADMIN_DIR]/kdb_init)SH +/Courier SF +8520 23600 MT +(Realm name \050default XXX\051:)SH +/Times-Bold SF +25680 XM +([REALMNAME])SH +39600 XM +(<--)SH +/Times-BoldItalic SF +41619 XM +(Enter your system's realm name.)SH +/Courier SF +8520 24714 MT +(You will be prompted for the database Master Password.)SH +8520 25828 MT +(It is important that you NOT FORGET this password.)SH +8520 28056 MT +(Enter Kerberos master key:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter the master password.)SH +14 /Times-Bold AF +7200 32988 MT +(2.2 Storing) +350 W( the Master Password)SH +11 /Times-Roman AF +7200 35183 MT +(The)SH +/Times-Italic SF +9185 XM +(kstash)SH +/Times-Roman SF +12210 XM +(command ``stashes'' the master password in the file)SH +/Times-Italic SF +35424 XM +(/.k)SH +/Times-Roman SF +36768 XM +(so that the Kerberos server can be)SH +7200 36379 MT +(started automatically during an unattended reboot of the master server. Other administrative programs)SH +7200 37575 MT +(use this hidden password so that they can access the master database without someone having to manually)SH +7200 38771 MT +(provide the master password. This command is an optional one; if you'd rather enter the master password)SH +7200 39967 MT +(each time you start the Kerberos server, don't use)SH +/Times-Italic SF +29312 XM +(kstash)SH +/Times-Roman SF +(.)SH +7200 42265 MT +(One the one hand, if you use)SH +/Times-Italic SF +20090 XM +(kstash)SH +/Times-Roman SF +(, a copy of the master key will reside on disk which may not be)SH +7200 43461 MT +(acceptable; on the other hand, if you don't use)SH +/Times-Italic SF +27848 XM +(kstash)SH +/Times-Roman SF +(, the server cannot be started unless someone is)SH +7200 44657 MT +(around to type the password in manually.)SH +7200 46955 MT +(The command prompts you twice for the master password:)SH +/Courier SF +8520 48532 MT +(host#)SH +/Times-Bold SF +12480 XM +([ADMIN_DIR]/kstash)SH +/Courier SF +8520 50760 MT +(Enter Kerberos master key:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter the master password.)SH +/Courier SF +8520 51874 MT +(Current Kerberos master key version is 1.)SH +8520 54102 MT +(Master key entered) +SH( BEWARE!)1320 W +/Times-Roman SF +7200 56400 MT +(A note about the Kerberos database master key: if your master key is compromised and the database is)SH +7200 57596 MT +(obtained, the security of your entire authentication system is compromised. The master key must be a)SH +7200 58792 MT +(carefully kept secret. If you keep backups, you must guard all the master keys you use, in case someone)SH +7200 59988 MT +(has stolen an old backup and wants to attack users' whose passwords haven't changed since the backup)SH +7200 61184 MT +(was stolen. This is why we provide the option not to store it on disk.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(3)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 4 5 +BS +0 SI +14 /Times-Bold AF +7200 8167 MT +(2.3 Using)350 W +/Times-BoldItalic SF +13423 XM +(kdb_edit)SH +/Times-Bold SF +18673 XM +(to Add Users to the Master Database)SH +11 /Times-Roman AF +7200 10362 MT +(The)SH +/Times-Italic SF +9185 XM +(kdb_edit)SH +/Times-Roman SF +13248 XM +(program is used to add new users and services to the master database, and to modify)SH +7200 11558 MT +(existing database information. The program prompts you to enter a principal's)SH +/Times-Bold SF +42177 XM +(name)SH +/Times-Roman SF +45018 XM +(and)SH +/Times-Bold SF +46881 XM +(instance)SH +/Times-Roman SF +(.)SH +7200 13856 MT +(A principal name is typically a username or a service program's name. An instance further qualifies the)SH +7200 15052 MT +(principal. If) +275 W( the principal is a service, the instance is used to specify the name of the machine on which)SH +7200 16248 MT +(that service runs. If the principal is a username that has general user privileges, the instance is usually set)SH +7200 17444 MT +(to null.)SH +7200 19742 MT +(The following example shows how to use)SH +/Times-Italic SF +25805 XM +(kdb_edit)SH +/Times-Roman SF +29868 XM +(to add the user)SH +/Times-Italic SF +36588 XM +(wave)SH +/Times-Roman SF +39123 XM +(to the Kerberos database.)SH +/Courier SF +8520 21319 MT +(host#)SH +/Times-Bold SF +12480 XM +([ADMIN_DIR]/kdb_edit)SH +/Courier SF +8520 23547 MT +(Opening database...)SH +8520 25775 MT +(Enter Kerberos master key:)SH +8520 26889 MT +(Verifying, please re-enter)SH +8520 28003 MT +(Enter Kerberos master key:)SH +8520 29117 MT +(Current Kerberos master key version is 1)SH +8520 31345 MT +(Master key entered. BEWARE!)SH +8520 32459 MT +(Previous or default values are in [brackets] ,)SH +8520 33573 MT +(enter return to leave the same, or new value.)SH +8520 35801 MT +(Principal name:)SH +/Times-Bold SF +19080 XM +(wave)SH +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter the username.)SH +/Courier SF +8520 36915 MT +(Instance:)SH +/Times-BoldItalic SF +28800 XM +(<-- Enter a null instance.)SH +/Courier SF +8520 39143 MT +(, Create [y] ?)SH +/Times-Bold SF +25680 XM +(y)SH +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(The user-instance does not exist.)SH +30450 40257 MT +(Enter y to create the user-instance.)SH +/Courier SF +8520 41371 MT +(Principal: wave Instance: m_key_v: 1)SH +8520 42485 MT +(New Password:)SH +/Times-BoldItalic SF +28800 XM +(<-- Enter the user-instance's password.)SH +/Courier SF +8520 43599 MT +(Verifying, please re-enter)SH +8520 44713 MT +(New Password:)SH +8520 45827 MT +(Principal's new key version = 1)SH +8520 46941 MT +(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH +/Times-Bold SF +39600 XM +(<--)SH +/Times-BoldItalic SF +41619 XM +(Enter newlines)SH +/Courier SF +8520 48055 MT +(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH +/Times-Bold SF +39600 XM +(<--)SH +/Times-BoldItalic SF +41619 XM +(to get the)SH +/Courier SF +8520 49169 MT +(Attributes [ 0 ] ?)SH +/Times-Bold SF +30120 XM +(<--)SH +/Times-BoldItalic SF +32139 XM +(default values.)SH +/Courier SF +8520 50283 MT +(Edit O.K.)SH +8520 52511 MT +(Principal name:)SH +/Times-BoldItalic SF +28800 XM +(<-- Enter a newline to exit the program.)SH +/Times-Roman SF +7200 54809 MT +(Use the)SH +/Times-Italic SF +10804 XM +(kdb_edit)SH +/Times-Roman SF +14867 XM +(utility to add your username to the master database.)SH +14 /Times-Bold AF +7200 58627 MT +(2.4 Starting) +350 W( the Kerberos Server)SH +11 /Times-Roman AF +7200 60822 MT +(Change directories to the directory in which you have installed the server program)SH +/Times-Italic SF +43701 XM +(kerberos)SH +/Times-Roman SF +47824 XM +(\050the default)SH +7200 62018 MT +(directory is)SH +/Times-Italic SF +12454 XM +(/usr/etc)SH +/Times-Roman SF +(\051, and start the program as a background process:)SH +/Courier SF +8520 63595 MT +(host#)SH +/Times-Bold SF +12480 XM +(./kerberos &)SH +/Times-Roman SF +7200 65190 MT +(If you have used the)SH +/Times-Italic SF +16393 XM +(kstash)SH +/Times-Roman SF +19418 XM +(command to store the master database password, the server will start)SH +7200 66386 MT +(automatically. If) +275 W( you did not use)SH +/Times-Italic SF +22048 XM +(kstash)SH +/Times-Roman SF +(, use the following command:)SH +/Courier SF +8520 67963 MT +(host#)SH +/Times-Bold SF +12480 XM +(./kerberos -m)SH +10 /Times-Roman AF +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(4)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 5 6 +BS +0 SI +11 /Times-Roman AF +7200 7955 MT +(The server will prompt you to enter the master password before actually starting itself.)SH +14 /Times-Bold AF +7200 11773 MT +(2.5 Testing) +350 W( the Kerberos Server)SH +11 /Times-Roman AF +7200 13968 MT +(Exit the root account and use the)SH +/Times-Italic SF +21893 XM +(kinit)SH +/Times-Roman SF +24124 XM +(command obtain a Kerberos ticket-granting ticket. This command)SH +7200 15164 MT +(creates your ticket file and stores the ticket-granting ticket in it.)SH +7200 17462 MT +(If you used the default)SH +/Times-Italic SF +17371 XM +(make install)SH +/Times-Roman SF +22993 XM +(command and directories to install the Kerberos user utilities,)SH +/Times-Italic SF +50365 XM +(kinit)SH +/Times-Roman SF +7200 18658 MT +(will be in the)SH +/Times-Italic SF +13250 XM +(/usr/athena)SH +/Times-Roman SF +18537 XM +(directory. From now on, we'll refer to the Kerberos user commands directory as)SH +7200 19854 MT +([K_USER].)SH +7200 22152 MT +(Use)SH +/Times-Italic SF +9185 XM +(kinit)SH +/Times-Roman SF +11416 XM +(as follows:)SH +/Courier SF +8520 23729 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/kinit)SH +/Courier SF +8520 24843 MT +(MIT Project Athena, \050ariadne\051)SH +8520 25957 MT +(Kerberos Initialization)SH +8520 27071 MT +(Kerberos name:)SH +/Times-BoldItalic SF +18420 XM +(yourusername)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter your Kerberos username.)SH +/Courier SF +8520 28185 MT +(Password:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter your Kerberos password.)SH +/Times-Roman SF +7200 30483 MT +(Use the)SH +/Times-Italic SF +10804 XM +(klist)SH +/Times-Roman SF +12913 XM +(program to list the contents of your ticket file.)SH +/Courier SF +8520 32060 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/klist)SH +/Times-Roman SF +7200 33655 MT +(The command should display something like the following:)SH +/Courier SF +8520 35181 MT +(Ticket file:) +SH( /tmp/tkt5555)1980 W +8520 36295 MT +(Principal: yourusername@REALMNAME)3300 W +9840 38523 MT +(Issued Expires) +6600 W( Principal)5940 W +8520 39637 MT +(May 6) +660 W( 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@REALMNAME)SH +/Times-Roman SF +7200 41935 MT +(If you have any problems, you can examine the log file)SH +/Times-Italic SF +31758 XM +(/kerberos/kerberos.log)SH +/Times-Roman SF +42022 XM +(on the Kerberos server)SH +7200 43131 MT +(machine to see if there was some sort of error.)SH +16 /Times-Bold AF +7200 47803 MT +(3. Setting) +400 W( up and testing the Administration server)SH +11 /Times-Roman AF +7200 49998 MT +(The procedure for setting up and testing the Kerberos administration server is as follows:)SH +9400 51949 MT +(1.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kdb_edit)SH +/Times-Roman SF +18167 XM +(utility to add your username with an administration instance to the master)SH +10500 53145 MT +(database.)SH +9400 55039 MT +(2.)SH +10500 XM +(Edit the access control lists for the administration server)SH +9400 56933 MT +(3.)SH +10500 XM +(Start the Kerberos administration server.)SH +9400 58827 MT +(4.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kpasswd)SH +/Times-Roman SF +18107 XM +(command to change your password.)SH +9400 60721 MT +(5.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kadmin)SH +/Times-Roman SF +17617 XM +(command to add new entries to the database.)SH +9400 62615 MT +(6.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(kinit)SH +/Times-Roman SF +16335 XM +(command to verify that the)SH +/Times-Italic SF +28524 XM +(kadmin)SH +/Times-Roman SF +32037 XM +(command correctly added new entries to)SH +10500 63811 MT +(the database.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(5)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 6 7 +BS +0 SI +14 /Times-Bold AF +7200 8138 MT +(3.1 Adding) +350 W( an administration instance for the administrator)SH +11 /Times-Roman AF +7200 10333 MT +(Login to the Kerberos master server machine, and use the)SH +/Times-Bold SF +32825 XM +(su)SH +/Times-Roman SF +34140 XM +(command to become root. Use the)SH +/Times-Italic SF +49780 XM +(kdb_edit)SH +/Times-Roman SF +7200 11529 MT +(program to create an entry for each administrator with the instance ``)SH +/Times-BoldItalic SF +(admin)SH +/Times-Roman SF +(''.)SH +/Courier SF +8520 13106 MT +(host#)SH +/Times-Bold SF +12480 XM +([ADMIN_DIR]/kdb_edit)SH +/Courier SF +8520 15334 MT +(Opening database...)SH +8520 17562 MT +(Enter Kerberos master key:)SH +8520 18676 MT +(Verifying, please re-enter)SH +8520 19790 MT +(Enter Kerberos master key:)SH +8520 20904 MT +(Current Kerberos master key version is 1)SH +8520 23132 MT +(Master key entered. BEWARE!)SH +8520 24246 MT +(Previous or default values are in [brackets] ,)SH +8520 25360 MT +(enter return to leave the same, or new value.)SH +8520 27588 MT +(Principal name:)SH +/Times-Bold SF +19080 XM +(wave)SH +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter the username.)SH +/Courier SF +8520 28702 MT +(Instance:)SH +/Times-Bold SF +(admin)SH +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter ``admin''.)SH +/Courier SF +8520 30930 MT +(, Create [y] ?)SH +/Times-Bold SF +25680 XM +(y)SH +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(The user-instance does not exist.)SH +30450 32044 MT +(Enter y to create the user-instance.)SH +/Courier SF +8520 33158 MT +(Principal: wave Instance: admin m_key_v: 1)SH +8520 34272 MT +(New Password:)SH +/Times-BoldItalic SF +28800 XM +(<-- Enter the user-instance's password.)SH +/Courier SF +8520 35386 MT +(Verifying, please re-enter)SH +8520 36500 MT +(New Password:)SH +8520 37614 MT +(Principal's new key version = 1)SH +8520 38728 MT +(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH +/Times-Bold SF +39600 XM +(<--)SH +/Times-BoldItalic SF +41619 XM +(Enter newlines)SH +/Courier SF +8520 39842 MT +(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH +/Times-Bold SF +39600 XM +(<--)SH +/Times-BoldItalic SF +41619 XM +(to get the)SH +/Courier SF +8520 40956 MT +(Attributes [ 0 ] ?)SH +/Times-Bold SF +30120 XM +(<--)SH +/Times-BoldItalic SF +32139 XM +(default values.)SH +/Courier SF +8520 42070 MT +(Edit O.K.)SH +8520 44298 MT +(Principal name:)SH +/Times-BoldItalic SF +28800 XM +(<-- Enter a newline to exit the program.)SH +14 /Times-Bold AF +7200 48116 MT +(3.2 The) +350 W( Access Control Lists)SH +11 /Times-Roman AF +7200 50311 MT +(The Kerberos administration server uses three access control lists to determine who is authorized to make)SH +7200 51507 MT +(certain requests. The access control lists are stored on the master Kerberos server in the same directory as)SH +7200 52703 MT +(the principal database,)SH +/Times-Italic SF +17340 XM +(/kerberos)SH +/Times-Roman SF +(. The) +275 W( access control lists are simple ASCII text files, with each line)SH +7200 53899 MT +(specifying the name of one principal who is allowed the particular function. To allow several people to)SH +7200 55095 MT +(perform the same function, put their principal names on separate lines in the same file.)SH +7200 57393 MT +(The first list,)SH +/Times-Italic SF +13128 XM +(/kerberos/admin_acl.mod)SH +/Times-Roman SF +(, is a list of principals which are authorized to change entries in the)SH +7200 58589 MT +(database. To) +275 W( allow the administrator `)SH +/Times-Bold SF +(wave)SH +/Times-Roman SF +(' to modify entries in the database for the realm `)SH +/Times-Bold SF +(TIM.EDU)SH +/Times-Roman SF +(',)SH +7200 59785 MT +(you would put the following line into the file)SH +/Times-Italic SF +27275 XM +(/kerberos/admin_acl.mod)SH +/Times-Roman SF +(:)SH +/Courier SF +8520 61311 MT +(wave.admin@TIM.EDU)SH +/Times-Roman SF +7200 63609 MT +(The second list,)SH +/Times-Italic SF +14410 XM +(/kerberos/admin_acl.get)SH +/Times-Roman SF +(, is a list of principals which are authorized to retrieve entries)SH +7200 64805 MT +(from the database.)SH +7200 67103 MT +(The third list,)SH +/Times-Italic SF +13434 XM +(/kerberos/admin_acl.add)SH +/Times-Roman SF +(, is a list of principals which are authorized to add new entries to)SH +7200 68299 MT +(the database.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(6)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 7 8 +BS +0 SI +14 /Times-Bold AF +7200 8138 MT +(3.3 Starting) +350 W( the administration server)SH +11 /Times-Roman AF +7200 10333 MT +(Change directories to the directory in which you have installed the administration server program)SH +/Times-Italic SF +7200 11529 MT +(kadmind)SH +/Times-Roman SF +11263 XM +(\050the default directory is)SH +/Times-Italic SF +21831 XM +(/usr/etc)SH +/Times-Roman SF +(\051, and start the program as a background process:)SH +/Courier SF +8520 13106 MT +(host#)SH +/Times-Bold SF +12480 XM +(./kadmind -n&)SH +/Times-Roman SF +7200 14701 MT +(If you have used the)SH +/Times-Italic SF +16393 XM +(kstash)SH +/Times-Roman SF +19418 XM +(command to store the master database password, the server will start)SH +7200 15897 MT +(automatically. If) +275 W( you did not use)SH +/Times-Italic SF +22048 XM +(kstash)SH +/Times-Roman SF +(, use the following command:)SH +/Courier SF +8520 17474 MT +(host#)SH +/Times-Bold SF +12480 XM +(./kadmind)SH +/Times-Roman SF +7200 19069 MT +(The server will prompt you to enter the master password before actually starting itself; after it starts, you)SH +7200 20265 MT +(should suspend it and put it in the background \050usually this is done by typing control-Z and then)SH +/Times-Bold SF +49792 XM +(bg)SH +/Times-Roman SF +(\051.)SH +14 /Times-Bold AF +7200 24112 MT +(3.4 Testing)350 W +/Times-BoldItalic SF +14434 XM +(kpasswd)SH +11 /Times-Roman AF +7200 26307 MT +(To test the administration server, you should try changing your password with the)SH +/Times-Italic SF +43494 XM +(kpasswd)SH +/Times-Roman SF +47497 XM +(command, and)SH +7200 27503 MT +(you should try adding new users with the)SH +/Times-Italic SF +25592 XM +(kadmin)SH +/Times-Roman SF +29105 XM +(command \050both commands are installed into)SH +/Times-Italic SF +48963 XM +(/usr/athena)SH +/Times-Roman SF +7200 28699 MT +(by default\051.)SH +7200 30997 MT +(Before testing, you should exit the root account.)SH +7200 33295 MT +(To change your password, run the)SH +/Times-Italic SF +22441 XM +(kpasswd)SH +/Times-Roman SF +26444 XM +(command:)SH +/Courier SF +8520 34872 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/kpasswd)SH +/Courier SF +8520 35986 MT +(Old password for wave@TIM.EDU:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +(Enter your password)SH +/Courier SF +8520 37100 MT +(New Password for wave@TIM.EDU:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +(Enter a new password)SH +/Courier SF +8520 38214 MT +(Verifying, please re-enter New Password for wave@TIM.EDU:)SH +/Times-Bold SF +28800 39328 MT +(<--)SH +/Times-BoldItalic SF +(Enter new password again)SH +/Courier SF +8520 40442 MT +(Password changed.)SH +/Times-Roman SF +7200 42037 MT +(Once you have changed your password, use the)SH +/Times-Italic SF +28365 XM +(kinit)SH +/Times-Roman SF +30596 XM +(program as shown above to verify that the password)SH +7200 43233 MT +(was properly changed.)SH +14 /Times-Bold AF +7200 47080 MT +(3.5 Testing)350 W +/Times-BoldItalic SF +14434 XM +(kadmin)SH +11 /Times-Roman AF +7200 49275 MT +(You should also test the function of the)SH +/Times-Italic SF +24798 XM +(kadmin)SH +/Times-Roman SF +28311 XM +(program, by adding a new user \050here named)SH +7200 50471 MT +(``)SH +/Courier SF +(username)SH +/Times-Roman SF +(''\051:)SH +/Courier SF +8520 52048 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/kadmin)SH +/Courier SF +8520 53162 MT +(Welcome to the Kerberos Administration Program, version 2)SH +8520 54276 MT +(Type "help" if you need it.)SH +8520 55390 MT +(admin:)SH +/Times-Bold SF +13800 XM +(ank username)SH +/Times-BoldItalic SF +28800 XM +(`ank' stands for Add New Key)SH +/Courier SF +8520 56504 MT +(Admin password:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +(enter the password)SH +28800 57618 MT +(you chose above for wave.admin)SH +/Courier SF +8520 58732 MT +(Password for username:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +(Enter the user's initial password)SH +/Courier SF +8520 59846 MT +(Verifying, please re-enter Password for username:)SH +/Times-Bold SF +40920 XM +(<--)SH +/Times-BoldItalic SF +(enter it again)SH +/Courier SF +8520 60960 MT +(username added to database.)SH +8520 63188 MT +(admin: quit)660 W +8520 64302 MT +(Cleaning up and exiting.)SH +10 /Times-Roman AF +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(7)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 8 9 +BS +0 SI +14 /Times-Bold AF +7200 8167 MT +(3.6 Verifying) +350 W( with)SH +/Times-BoldItalic SF +18671 XM +(kinit)SH +11 /Times-Roman AF +7200 10362 MT +(Once you've added a new user, you should test to make sure it was added properly by using)SH +/Times-Italic SF +47917 XM +(kinit)SH +/Times-Roman SF +(, and)SH +7200 11558 MT +(trying to get tickets for that user:)SH +/Courier SF +8520 13135 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/kinit username)SH +/Courier SF +8520 14249 MT +(MIT Project Athena \050ariadne\051)SH +8520 15363 MT +(Kerberos Initialization for "username@TIM.EDU")SH +8520 16477 MT +(Password:)SH +/Times-Bold SF +15120 XM +(<--)SH +/Times-BoldItalic SF +(Enter the user's password you used above)SH +/Courier SF +8520 17591 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/klist)SH +/Courier SF +8520 18705 MT +(Ticket file:) +SH( /tmp/tkt_5509_spare1)1980 W +8520 19819 MT +(Principal: username@TIM.MIT.EDU)3300 W +9840 22047 MT +(Issued Expires) +6600 W( Principal)5940 W +8520 23161 MT +(Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@TIM.EDU)SH +/Times-Roman SF +7200 25459 MT +(If you have any problems, you can examine the log files)SH +/Times-Italic SF +32186 XM +(/kerberos/kerberos.log)SH +/Times-Roman SF +42450 XM +(and)SH +/Times-Italic SF +7200 26655 MT +(/kerberos/admin_server.syslog)SH +/Times-Roman SF +21008 XM +(on the Kerberos server machine to see if there was some sort of error.)SH +16 /Times-Bold AF +7200 31327 MT +(4. Setting) +400 W( up and testing slave server\050s\051)SH +11 /Times-Roman AF +7200 33522 MT +([Unfortunately, this chapter is not yet ready. Sorry. -ed])SH +16 /Times-Bold AF +7200 38194 MT +(5. A) +400 W( Sample Application)SH +11 /Times-Roman AF +7200 40389 MT +(This release of Kerberos comes with a sample application server and a corresponding client program.)SH +7200 41585 MT +(You will find this software in the [OBJ_DIR])SH +/Times-Italic SF +(/appl/sample)SH +/Times-Roman SF +33170 XM +(directory. The) +275 W( file)SH +/Times-Italic SF +41691 XM +(sample_client)SH +/Times-Roman SF +48076 XM +(contains the)SH +7200 42781 MT +(client program's executable code, the file)SH +/Times-Italic SF +25677 XM +(sample_server)SH +/Times-Roman SF +32366 XM +(contains the server's executable.)SH +7200 45079 MT +(The programs are rudimentary. When they have been installed \050the installation procedure is described in)SH +7200 46275 MT +(detail later\051, they work as follows:)SH +/Symbol SF +9169 48351 MT +(\267)SH +/Times-Roman SF +9950 XM +(The user starts)SH +/Times-Italic SF +16639 XM +(sample_client)SH +/Times-Roman SF +23024 XM +(and provides as arguments to the command the name of the)SH +9950 49547 MT +(server machine and a checksum. For instance:)SH +/Courier SF +11270 51147 MT +(host%)SH +/Times-Bold SF +15230 XM +(sample_client)SH +/Times-BoldItalic SF +22966 XM +(servername 43)385 W +/Symbol SF +9169 53041 MT +(\267)SH +/Times-Italic SF +9950 XM +(Sample_client)SH +/Times-Roman SF +16457 XM +(contacts the server machine and authenticates the user to)SH +/Times-Italic SF +41654 XM +(sample_server)SH +/Times-Roman SF +(.)SH +/Symbol SF +9169 54935 MT +(\267)SH +/Times-Italic SF +9950 XM +(Sample_server)SH +/Times-Roman SF +16761 XM +(authenticates itself to)SH +/Times-Italic SF +26384 XM +(sample_client)SH +/Times-Roman SF +(, then returns a message to the client)SH +9950 56131 MT +(program. This) +275 W( message contains diagnostic information that includes the user's username,)SH +9950 57327 MT +(the Kerberos realm, and the user's workstation address.)SH +/Symbol SF +9169 59221 MT +(\267)SH +/Times-Italic SF +9950 XM +(Sample_client)SH +/Times-Roman SF +16457 XM +(displays the server's message on the user's terminal screen.)SH +14 /Times-Bold AF +7200 63039 MT +(5.1 The) +350 W( Installation Process)SH +11 /Times-Roman AF +7200 65234 MT +(In general, you use the following procedure to install a Kerberos-authenticated server-client system.)SH +9400 67185 MT +(1.)SH +10500 XM +(Add the appropriate entry to the Kerberos database using)SH +/Times-Italic SF +35881 XM +(kdb_edit)SH +/Times-Roman SF +39944 XM +(or)SH +/Times-Italic SF +41135 XM +(kadmin)SH +/Times-Roman SF +44648 XM +(\050described)SH +10500 68381 MT +(below\051.)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(8)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 9 10 +BS +0 SI +11 /Times-Roman AF +9400 7955 MT +(2.)SH +10500 XM +(Create a)SH +/Times-Italic SF +14408 XM +(/etc/srvtab)SH +/Times-Roman SF +19327 XM +(file for the server machine.)SH +9400 9849 MT +(3.)SH +10500 XM +(Install the service program and the)SH +/Times-Italic SF +26016 XM +(/etc/srvtab)SH +/Times-Roman SF +30935 XM +(file on the server machine.)SH +9400 11743 MT +(4.)SH +10500 XM +(Install the client program on the client machine.)SH +9400 13637 MT +(5.)SH +10500 XM +(Update the)SH +/Times-Italic SF +15570 XM +(/etc/services)SH +/Times-Roman SF +21281 XM +(file on the client and server machines.)SH +7200 15935 MT +(We will use the sample application as an example, although the procedure used to install)SH +/Times-Italic SF +46484 XM +(sample_server)SH +/Times-Roman SF +7200 17131 MT +(differs slightly from the general case because the)SH +/Times-Italic SF +29006 XM +(sample_server)SH +/Times-Roman SF +35695 XM +(takes requests via the)SH +/Times-Italic SF +45347 XM +(inetd)SH +/Times-Roman SF +47822 XM +(program.)SH +/Times-Italic SF +7200 18327 MT +(Inetd)SH +/Times-Roman SF +9735 XM +(starts)SH +/Times-Italic SF +12332 XM +(sample_server)SH +/Times-Roman SF +19021 XM +(each time a client process contacts the server machine.)SH +/Times-Italic SF +43606 XM +(Sample_server)SH +/Times-Roman SF +7200 19523 MT +(processes the request, terminiates, then is restarted when)SH +/Times-Italic SF +32368 XM +(inetd)SH +/Times-Roman SF +34843 XM +(receives another)SH +/Times-Italic SF +42293 XM +(sample_client)SH +/Times-Roman SF +48678 XM +(request.)SH +7200 20719 MT +(When you install the program on the server, you must add a)SH +/Times-Italic SF +33807 XM +(sample)SH +/Times-Roman SF +37198 XM +(entry to the server machine's)SH +/Times-Italic SF +7200 21915 MT +(/etc/inetd.conf)SH +/Times-Roman SF +13738 XM +(file.)SH +7200 24213 MT +(The following description assumes that you are installing)SH +/Times-Italic SF +32680 XM +(sample_server)SH +/Times-Roman SF +39369 XM +(on the machine)SH +/Times-Italic SF +46364 XM +(ariadne.tim.edu)SH +/Times-Roman SF +(.)SH +7200 25409 MT +(Here's the process, step by step:)SH +9400 27360 MT +(1.)SH +10500 XM +(Login as or)SH +/Times-Italic SF +15785 XM +(su)SH +/Times-Roman SF +17038 XM +(to root on the Kerberos server machine. Use the)SH +/Times-Italic SF +38631 XM +(kdb_edit)SH +/Times-Roman SF +42694 XM +(or)SH +/Times-Italic SF +43885 XM +(kadmin)SH +/Times-Roman SF +47398 XM +(program)SH +10500 28556 MT +(to create an entry for)SH +/Times-Italic SF +19935 XM +(sample)SH +/Times-Roman SF +23326 XM +(in the Kerberos database:)SH +/Courier SF +11820 30133 MT +(host#)SH +/Times-Bold SF +15780 XM +([ADMIN_DIR]/kdb_edit)SH +/Courier SF +11820 32361 MT +(Opening database...)SH +11820 34589 MT +(Enter Kerberos master key:)SH +11820 35703 MT +(Verifying, please re-enter)SH +11820 36817 MT +(master key entered. BEWARE!)SH +11820 37931 MT +(Previous or default values are in [brackets] ,)SH +11820 39045 MT +(enter return to leave the same, or new value.)SH +11820 41273 MT +(Principal name:)SH +/Times-Bold SF +22380 XM +(sample)SH +26220 XM +(<--)SH +/Times-BoldItalic SF +28239 XM +(Enter the principal name.)SH +/Courier SF +11820 42387 MT +(Instance:)SH +/Times-Bold SF +18420 XM +(ariadne)SH +26220 XM +(<--)SH +/Times-BoldItalic SF +28239 XM +(Instances cannot have periods in them.)SH +/Courier SF +11820 44615 MT +(, Create [y] ?)SH +/Times-Bold SF +28980 XM +(y)SH +/Courier SF +11820 46843 MT +(Principal: sample_server Instance: ariadne m_key_v: 1)SH +11820 47957 MT +(New Password:)SH +/Times-Bold SF +26220 XM +(<--)SH +/Times-BoldItalic SF +28239 XM +(Enter ``RANDOM'' to get random password.)SH +/Courier SF +11820 49071 MT +(Verifying, please re-enter)SH +11820 50185 MT +(New Password:)SH +/Times-Bold SF +26220 XM +(<--)SH +/Times-BoldItalic SF +28239 XM +(Enter ``RANDOM'' again.)SH +/Courier SF +11820 51299 MT +(Random password [y] ?)SH +/Times-Bold SF +26340 XM +(y)SH +/Courier SF +11820 53527 MT +(Principal's new key version = 1)SH +11820 54641 MT +(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH +11820 55755 MT +(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH +11820 56869 MT +(Attributes [ 0 ] ?)SH +11820 57983 MT +(Edit O.K.)SH +11820 60211 MT +(Principal name:)SH +/Times-Bold SF +26220 XM +(<--)SH +/Times-BoldItalic SF +28239 XM +(Enter newline to exit kdb_edit.)SH +/Times-Roman SF +9400 62105 MT +(2.)SH +10500 XM +(Use the)SH +/Times-Italic SF +14104 XM +(ext_srvtab)SH +/Times-Roman SF +18961 XM +(program to create a)SH +/Times-Italic SF +27755 XM +(srvtab)SH +/Times-Roman SF +30780 XM +(file for)SH +/Times-Italic SF +34078 XM +(sample_server)SH +/Times-Roman SF +('s host machine:)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30350 XM +(9)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 10 11 +BS +0 SI +11 /Courier AF +11820 7937 MT +(host#)SH +/Times-Bold SF +15780 XM +([ADMIN_DIR]/ext_srvtab ariadne)275 W +/Courier SF +11820 10165 MT +(Enter Kerberos master key:)SH +11820 11279 MT +(Current Kerberos master key version is 1.)SH +11820 13507 MT +(Generating 'ariadne-new-srvtab'....)SH +/Times-Roman SF +10500 15102 MT +(Transfer the)SH +/Times-Italic SF +16118 XM +(ariadne-new-srvtab)SH +/Times-Roman SF +25069 XM +(file to)SH +/Times-Italic SF +27941 XM +(ariadne)SH +/Times-Roman SF +31638 XM +(and install it as)SH +/Times-Italic SF +38544 XM +(/etc/srvtab)SH +/Times-Roman SF +(. Note) +275 W( that this)SH +10500 16298 MT +(file is equivalent to the service's password and should be treated with care. For example, it)SH +10500 17494 MT +(could be transferred by removable media, but should not be sent over an open network in)SH +10500 18690 MT +(the clear. Once installed, this file should be readable only by root.)SH +9400 20584 MT +(3.)SH +10500 XM +(Add the following line to the)SH +/Times-Italic SF +23516 XM +(/etc/services)SH +/Times-Roman SF +29227 XM +(file on)SH +/Times-Italic SF +32343 XM +(ariadne)SH +/Times-Roman SF +(, and on all machines that will run)SH +10500 21780 MT +(the)SH +/Times-Italic SF +12119 XM +(sample_client)SH +/Times-Roman SF +18504 XM +(program:)SH +/Courier SF +11820 23306 MT +(sample 906/tcp) +2640 W( #) +3960 W( Kerberos sample app server)SH +/Times-Roman SF +9400 25200 MT +(4.)SH +10500 XM +(Add a line similar to the following line to the)SH +/Times-Italic SF +30666 XM +(/etc/inetd.conf)SH +/Times-Roman SF +37204 XM +(file on)SH +/Times-Italic SF +40320 XM +(sample_server)SH +/Times-Roman SF +('s)SH +10500 26396 MT +(machine:)SH +/Courier SF +11820 27922 MT +(sample stream tcp nowait switched root)1320 W +14460 29036 MT +([PATH]/sample_server sample_server)SH +/Times-Roman SF +10500 30631 MT +(where [PATH] should be substituted with the path to the)SH +/Times-Italic SF +35674 XM +(sample_server)SH +/Times-Roman SF +42363 XM +(program. \050This)275 W +/Times-Italic SF +10500 31827 MT +(inetd.conf)SH +/Times-Roman SF +15144 XM +(information should be placed on one line.\051 You should examine existing lines in)SH +/Times-Italic SF +10500 33023 MT +(/etc/inetd.conf)SH +/Times-Roman SF +17038 XM +(and use the same format used by other entries \050e.g. for telnet\051. Most systems)SH +10500 34219 MT +(do not have a column for the `switched' keyword, and some do not have a column for the)SH +10500 35415 MT +(username \050usually `root', as above\051.)SH +9400 37309 MT +(5.)SH +10500 XM +(Restart)SH +/Times-Italic SF +13891 XM +(inetd)SH +/Times-Roman SF +16366 XM +(by sending the current)SH +/Times-Italic SF +26446 XM +(inetd)SH +/Times-Roman SF +28921 XM +(process a hangup signal:)SH +/Courier SF +11820 38909 MT +(host#)SH +/Times-Bold SF +15780 XM +(kill -HUP)275 W +/Times-BoldItalic SF +21373 XM +(process_id_number)SH +/Times-Roman SF +9400 40803 MT +(6.)SH +10500 XM +(The)SH +/Times-Italic SF +12485 XM +(sample_server)SH +/Times-Roman SF +19174 XM +(is now ready to take)SH +/Times-Italic SF +28307 XM +(sample_client)SH +/Times-Roman SF +34692 XM +(requests.)SH +14 /Times-Bold AF +7200 44621 MT +(5.2 Testing) +350 W( the Sample Server)SH +11 /Times-Roman AF +7200 46816 MT +(Assume that you have installed)SH +/Times-Italic SF +21223 XM +(sample_server)SH +/Times-Roman SF +27912 XM +(on)SH +/Times-Italic SF +29287 XM +(ariadne)SH +/Times-Roman SF +(.)SH +7200 49114 MT +(Login to your workstation and use the)SH +/Times-Italic SF +24217 XM +(kinit)SH +/Times-Roman SF +26448 XM +(command to obtain a Kerberos ticket-granting ticket:)SH +/Courier SF +8520 50691 MT +(host%)SH +/Times-Bold SF +12480 XM +([K_USER]/kinit)SH +/Courier SF +8520 51805 MT +(MIT Project Athena, \050your_workstation\051)SH +8520 52919 MT +(Kerberos Initialization)SH +8520 54033 MT +(Kerberos name:)SH +/Times-BoldItalic SF +18420 XM +(yourusername)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter your Kerberos username.)SH +/Courier SF +8520 55147 MT +(Password:)SH +/Times-Bold SF +28800 XM +(<--)SH +/Times-BoldItalic SF +30819 XM +(Enter your Kerberos password.)SH +/Times-Roman SF +7200 57445 MT +(Now use the)SH +/Times-Italic SF +12973 XM +(sample_client)SH +/Times-Roman SF +19358 XM +(program as follows:)SH +/Courier SF +8520 59022 MT +(host%)SH +/Times-Bold SF +12480 XM +([PATH]/sample_client ariadne)275 W +/Times-Roman SF +7200 60617 MT +(The command should display something like the following:)SH +/Courier SF +8520 62143 MT +(The server says:)SH +8520 63257 MT +(You are)SH +/Times-BoldItalic SF +13800 XM +(yourusername)SH +/Courier SF +(.@REALMNAME \050local name)SH +/Times-BoldItalic SF +36180 XM +(yourusername)SH +/Courier SF +(\051,)SH +9180 64371 MT +(at address)SH +/Times-BoldItalic SF +16440 XM +(yournetaddress)SH +/Courier SF +(, version VERSION9, cksum 997)SH +10 /Times-Roman AF +7200 75600 MT +(MIT Project Athena)SH +30100 XM +(10)SH +47890 XM +(4 January 1990)SH +ES +%%Page: 11 12 +BS +0 SI +16 /Times-Bold AF +7200 8272 MT +(6. Service) +400 W( names and other services)SH +14 SS +7200 12090 MT +(6.1 rlogin,) +350 W( rsh, rcp, tftp, and others)SH +11 /Times-Roman AF +7200 14285 MT +(Many services use a common principal name for authentication purposes.)SH +/Times-Italic SF +40128 XM +(rlogin)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +43368 XM +(rsh)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +45324 XM +(rcp)SH +/Times-Roman SF +(,)SH +/Times-Italic SF +47340 XM +(tftp)SH +/Times-Roman SF +49083 XM +(and others)SH +7200 15481 MT +(use the principal name ``)SH +/Courier SF +(rcmd)SH +/Times-Roman SF +(''. For) +275 W( example, to set up the machine)SH +/Times-Italic SF +38033 XM +(ariadne)SH +/Times-Roman SF +41730 XM +(to support Kerberos rlogin,)SH +7200 16677 MT +(it needs to have a service key for principal ``)SH +/Courier SF +(rcmd)SH +/Times-Roman SF +('', instance ``)SH +/Courier SF +(ariadne)SH +/Times-Roman SF +(''. You) +275 W( create this key in the)SH +7200 17873 MT +(same way as shown above for the sample service.)SH +7200 20171 MT +(After creating this key, you need to run the)SH +/Times-Italic SF +26382 XM +(ext_srvtab)SH +/Times-Roman SF +31239 XM +(program again to generate a new srvtab file for)SH +7200 21367 MT +(ariadne.)SH +14 /Times-Bold AF +7200 25185 MT +(6.2 NFS) +350 W( modifications)SH +11 /Times-Roman AF +7200 27380 MT +(The NFS modifications distributed separately use the service name ``)SH +/Courier SF +(rvdsrv)SH +/Times-Roman SF +('' with the instance set to)SH +7200 28576 MT +(the machine name \050as for the sample server and the rlogin, rsh, rcp and tftp services\051.)SH +14 /Times-Bold AF +7200 32394 MT +(6.3 inetd.conf) +350 W( entries)SH +11 /Times-Roman AF +7200 34589 MT +(The following are the)SH +/Times-Italic SF +16974 XM +(/etc/inetd.conf)SH +/Times-Roman SF +23512 XM +(entries necessary to support rlogin, encrypted rlogin, rsh, and rcp)SH +7200 35785 MT +(services on a server machine. As above, your)SH +/Times-Italic SF +27631 XM +(inetd.conf)SH +/Times-Roman SF +32275 XM +(may not support all the fields shown here.)SH +/Courier SF +8520 37311 MT +(eklogin stream) +660 W( tcp nowait unswitched root)1320 W +11160 38425 MT +([PATH]/klogind eklogind)1320 W +8520 39539 MT +(kshell stream tcp nowait unswitched root)1320 W +11160 40653 MT +([PATH]/kshd kshd)1320 W +8520 41767 MT +(klogin stream tcp nowait unswitched root)1320 W +11160 42881 MT +([PATH]/klogind klogind)1320 W +10 /Times-Roman AF +7200 75600 MT +(MIT Project Athena)SH +30100 XM +(11)SH +47890 XM +(4 January 1990)SH +ES +%%Page: i 13 +BS +0 SI +14 /Times-Bold AF +25272 8138 MT +(Table of Contents)SH +13 SS +7200 9781 MT +(1. How) +325 W( Kerberos Works: A Schematic Description)SH +53350 XM +(1)SH +12 /Times-Roman AF +9000 11130 MT +(1.1 Network) +300 W( Services and Their Client Programs)SH +53400 XM +(1)SH +9000 12479 MT +(1.2 Kerberos) +300 W( Tickets)SH +53400 XM +(1)SH +9000 13828 MT +(1.3 The) +300 W( Kerberos Master Database)SH +53400 XM +(1)SH +9000 15177 MT +(1.4 The) +300 W( Ticket-Granting Ticket)SH +53400 XM +(1)SH +9000 16526 MT +(1.5 Network) +300 W( Services and the Master Database)SH +53400 XM +(1)SH +9000 17875 MT +(1.6 The) +300 W( User-Kerberos Interaction)SH +53400 XM +(2)SH +13 /Times-Bold AF +7200 19518 MT +(2. Setting) +325 W( Up and Testing the Kerberos Server)SH +53350 XM +(2)SH +12 /Times-Roman AF +9000 20867 MT +(2.1 Creating) +300 W( and Initializing the Master Database)SH +53400 XM +(3)SH +9000 22216 MT +(2.2 Storing) +300 W( the Master Password)SH +53400 XM +(3)SH +9000 23571 MT +(2.3 Using)300 W +/Times-BoldItalic SF +14267 XM +(kdb_edit)SH +/Times-Roman SF +18768 XM +(to Add Users to the Master Database)SH +53400 XM +(4)SH +9000 24920 MT +(2.4 Starting) +300 W( the Kerberos Server)SH +53400 XM +(4)SH +9000 26269 MT +(2.5 Testing) +300 W( the Kerberos Server)SH +53400 XM +(5)SH +13 /Times-Bold AF +7200 27912 MT +(3. Setting) +325 W( up and testing the Administration server)SH +53350 XM +(5)SH +12 /Times-Roman AF +9000 29261 MT +(3.1 Adding) +300 W( an administration instance for the administrator)SH +53400 XM +(6)SH +9000 30610 MT +(3.2 The) +300 W( Access Control Lists)SH +53400 XM +(6)SH +9000 31959 MT +(3.3 Starting) +300 W( the administration server)SH +53400 XM +(7)SH +9000 33314 MT +(3.4 Testing)300 W +/Times-BoldItalic SF +15001 XM +(kpasswd)SH +/Times-Roman SF +53400 XM +(7)SH +9000 34669 MT +(3.5 Testing)300 W +/Times-BoldItalic SF +15001 XM +(kadmin)SH +/Times-Roman SF +53400 XM +(7)SH +9000 36024 MT +(3.6 Verifying) +300 W( with)SH +/Times-BoldItalic SF +18501 XM +(kinit)SH +/Times-Roman SF +53400 XM +(8)SH +13 /Times-Bold AF +7200 37667 MT +(4. Setting) +325 W( up and testing slave server\050s\051)SH +53350 XM +(8)SH +7200 39310 MT +(5. A) +325 W( Sample Application)SH +53350 XM +(8)SH +12 /Times-Roman AF +9000 40659 MT +(5.1 The) +300 W( Installation Process)SH +53400 XM +(8)SH +9000 42008 MT +(5.2 Testing) +300 W( the Sample Server)SH +52800 XM +(10)SH +13 /Times-Bold AF +7200 43651 MT +(6. Service) +325 W( names and other services)SH +52700 XM +(11)SH +12 /Times-Roman AF +9000 45000 MT +(6.1 rlogin,) +300 W( rsh, rcp, tftp, and others)SH +52800 XM +(11)SH +9000 46349 MT +(6.2 NFS) +300 W( modifications)SH +52800 XM +(11)SH +9000 47698 MT +(6.3 inetd.conf) +300 W( entries)SH +52800 XM +(11)SH +10 SS +7200 75600 MT +(MIT Project Athena)SH +30461 XM +(i)SH +47890 XM +(4 January 1990)SH +ES +%%Trailer +%%Pages: 13 +%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol diff --git a/doc/old-V4-docs/operation.mss b/doc/old-V4-docs/operation.mss new file mode 100644 index 000000000..a35bb9f95 --- /dev/null +++ b/doc/old-V4-docs/operation.mss @@ -0,0 +1,799 @@ +@Comment[ $Source$] +@Comment[ $Author$] +@Comment[ $Id$] +@Comment[] +@device[postscript] +@make[report] +@comment[ +@DefineFont(HeadingFont, + P=, + B=, + I=, + R=) +] +@DefineFont(HeadingFont, + P=, + B=, + I=, + R=) +@Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], + IncrementedBy Use,Announced) +@Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], + IncrementedBy Use,Referenced [@1],Announced) +@Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], + IncrementedBy,Referenced [@A],Announced,Alias Chapter) +@Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias + Chapter) +@Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, + Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy + Use,Announced) +@Counter(AppendixSection,Within Appendix,TitleEnv HD2, + ContentsEnv tc2, + Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy + Use,Announced) +@Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, + Numbered [@#@:.@1 ],IncrementedBy Use, + Referenced [@#@:.@1 ]) +@Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, + ContentsEnv tc3, + Numbered [@#@:.@1 ],IncrementedBy Use, + Referenced [@#@:.@1 ]) +@Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, + Numbered [@#@:.@1 ],Referenced [@#@:.@1], + IncrementedBy Use) +@modify(CopyrightNotice, Fixed -1 inch, Flushright) +@Modify(Titlebox, Fixed 3.0 inches) +@Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) +@Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) +@Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) +@Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) +@Modify(Tc1, Above .5, Facecode B) +@Modify(Tc2, Above .25, Below .25, Facecode R) +@Modify(Tc3,Facecode R) +@Modify(Tc4,Facecode R) +@Modify(Itemize,Above 1line,Below 1line) +@Modify(Insert,LeftMargin +2, RightMargin +2) +@libraryfile[stable] +@comment[@Style(Font NewCenturySchoolBook, size 11)] +@Style(Font TimesRoman, size 11) +@Style(Spacing 1.1, indent 0) +@Style(leftmargin 1.0inch) +@Style(justification no) +@Style(BottomMargin 1.5inch) +@Style(ChangeBarLocation Right) +@Style(ChangeBars=off) +@pageheading[immediate] +@pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", +right = "@value(date)"] +@set[page = 0] +@blankspace[.5 inches] +@begin[group, size 20] +@begin(center) +@b[Kerberos Operation Notes] +@b[DRAFT] +@end[center] +@blankspace[.5 inches] +@end(group) +@begin[group, size 16] +@begin(center) +Bill Bryant +John Kohl +Project Athena, MIT +@blankspace[.5 inches] +@b[Initial Release, January 24, 1989] +@i[(plus later patches through patchlevel 7)] +@end[center] +@end(group) +@begin[group, size 10] +@end[group] +@blankspace[1inches] + +These notes assume that you have used the +@i[Kerberos Installation Notes] to build and install your +Kerberos system. +As in that document, we refer to the directory that contains +the built Kerberos binaries as [OBJ_DIR]. + +This document assumes that you are a Unix system manager. + +@newpage() +@chapter[How Kerberos Works: A Schematic Description] + +This section provides a simplified description of +a general user's interaction with the Kerberos system. +This interaction happens transparently--users don't need to know +and probably don't care about what's going on--but Kerberos administrators +might find a schematic description of the process useful. +The description glosses over a lot of details; +for more information, see @i[Kerberos: An Authentication +Service for Open Network Systems], +a paper presented at Winter USENIX 1988, in Dallas, Texas. + +@section[Network Services and Their Client Programs] + +In an environment that provides network services, +you use @i[client] programs to request service from +@i[server] programs that are somewhere on the network. +Suppose you have logged in to a workstation +and you want to @i[rlogin] to another machine. +You use the local @i[rlogin] client program to +contact the remote machine's @i[rlogin] service daemon. + +@section[Kerberos Tickets] + +Under Kerberos, the @i[rlogin] service program +allows a client to login to a remote machine if it +can provide +a Kerberos @b[ticket] for the request. +This ticket proves the identity of the person who has used +the client program to access the server program. + +@section[The Kerberos Master Database] + +Kerberos will give you tickets only if you +have an entry in the Kerberos server's +@b[master database]. +Your database entry includes your Kerberos username (often referred to +as your Kerberos @b[principal] name), and your Kerberos password. +Every Kerberos user must have an entry in this database. + +@section[The Ticket-Granting Ticket] + +The @i[kinit] command prompts for your Kerberos username and password, +and if you enter them successfully, you will obtain a Kerberos +@i[ticket-granting ticket]. +As illustrated below, +client programs use this ticket to get other Kerberos tickets as +needed. + +@section[Network Services and the Master Database] + +The master database also contains entries for all network services that +require Kerberos authentication. +Suppose for instance that your site has a machine @i[laughter] +that requires Kerberos authentication from anyone who wants +to @i[rlogin] to it. +This service must be registered in the master database. +Its entry includes the service's principal name, and its @b[instance]. + +The @i[instance] is the name of the service's machine; +in this case, the service's instance is the name @i[laughter]. +The instance provides a means for Kerberos to distinguish between +machines that provide the same service. +Your site is likely to have more than one machine that +provides @i[rlogin] service. + +@section[The User-Kerberos Interaction] + +Suppose that you (in the guise of a general user) walk up to a workstation +intending to login to it, and then @i[rlogin] to the machine @i[laughter]. +Here's what happens. +@begin[enumerate] +You login to the workstation and use the @i[kinit] command +to to get a ticket-granting ticket. +This command prompts you for your username (your Kerberos Principal Name), +and your Kerberos password [on some systems which use the new version of +@i{/bin/login}, this may be done as part of the login process, not +requiring the user to run a separate program]. +@begin[enumerate] +The @i[kinit] command sends your request to the Kerberos master server +machine. +The server software looks for your principal name's entry in the +Kerberos @b[master database]. + +If this entry exists, the +Kerberos server creates and returns a +@i[ticket-granting ticket], encrypted in your password. +If @i[kinit] can decrypt the Kerberos reply using the password you +provide, it stores this ticket in a @b[ticket file] on your +local machine for later use. +The ticket file to be used +can be specified in the @b[KRBTKFILE] environment +variable. If this variable is not set, the name of the file will be +@i[/tmp/tkt@p(uid)], where @p(uid) is the UNIX user-id, represented in decimal. +@end[enumerate] + +Now you use the @i[rlogin] client to try to access the machine @i[laughter]. +@begin[example] +host% @b[rlogin laughter] +@end[example] +@begin[enumerate] +The @i[rlogin] client checks your ticket file to see if you +have a ticket for @i[laughter]'s @i[rcmd] service (the rlogin program +uses the @i[rcmd] service name, mostly for historical reasons). +You don't, so @i[rlogin] uses the ticket file's @i[ticket-granting +ticket] to make a request to the master server's ticket-granting service. + +This ticket-granting service receives the @i[rcmd-laughter] request +and looks in the master database for an @i[rcmd-laughter] entry. +If that entry exists, the ticket-granting service issues you a ticket +for that service. +That ticket is also cached in your ticket file. + +The @i[rlogin] client now uses that ticket to request service from +the @i[laughter] @i[rlogin] service program. +The service program +lets you @i[rlogin] if the ticket is valid. +@end[enumerate] +@end[enumerate] + +@chapter[Setting Up and Testing the Kerberos Server] + +The procedure for setting up and testing a Kerberos server +is as follows: +@begin[enumerate] +Use the @i[kdb_init] command to create and initialize the master database. + +Use the @i[kdb_edit] utility to add your username to the +master database. + +Start the Kerberos server. + +Use the @i[kinit] command to obtain a Kerberos ticket-granting ticket. + +Use the @i[klist] command to verify that the @i[kinit] command +authenticated you successfully. +@end[enumerate] + +@section[Creating and Initializing the Master Database] + +Login to the Kerberos master server machine, +and use the @b[su] command to become root. +If you installed the Kerberos administration tools +with the @i[make install] command and the default pathnames, +they should be in the @i[/usr/etc] directory. +If you installed the tools in a different directory, +hopefully you know what it is. +From now on, we will refer to this directory as [ADMIN_DIR]. + +The @i[kdb_init] command creates and initializes the master database. +It asks you to enter the system's +realm name and the database's master password. +Do not forget this password. +If you do, the database becomes useless. +(Your realm name should be substituted for [REALMNAME] below.) + +Use @i[kdb_init] as follows: +@tabset[3inches, +1.5inches] +@begin[example, rightmargin -10] +host# @b([ADMIN_DIR]/kdb_init) +Realm name (default XXX): @b([REALMNAME])@\@b[<--] @p[Enter your system's realm name.] +You will be prompted for the database Master Password. +It is important that you NOT FORGET this password. + +Enter Kerberos master key: @\@b[<--] @p[Enter the master password.] +@comment(this needs to be re-fixed...: +Verifying, please re-enter +Enter Kerberos master key: @\@b[<--] @p[Re-enter it.] +) +@end[example] + +@section[Storing the Master Password] + +The @i[kstash] command ``stashes'' the master password in the file @i[/.k] +so that the Kerberos server can +be started automatically during an unattended reboot of the +master server. +Other administrative programs use this hidden password so that they +can access the master database without someone having to manually +provide the master password. +This command is an optional one; +if you'd rather enter the master password each time you +start the Kerberos server, don't use @i[kstash]. + +One the one hand, if you use @i[kstash], a copy of the master +key will reside +on disk which may not be acceptable; on the other hand, if you don't +use @i[kstash], the server cannot be started unless someone is around to +type the password in manually. + +The command prompts you twice for the master password: +@begin[example] +@tabset[3inches] +host# @b([ADMIN_DIR]/kstash) + +Enter Kerberos master key:@\@b[<--] @p[Enter the master password.] +Current Kerberos master key version is 1. + +Master key entered BEWARE! +@end[example] + +A note about the Kerberos database master key: +if your master key is compromised and the database is obtained, +the security of your entire authentication system is compromised. +The master key must be a carefully kept secret. If you keep backups, +you must guard all the master keys you use, in case someone has stolen +an old backup and wants to attack users' whose passwords haven't changed +since the backup was stolen. +This is why we provide the option not to store it on disk. + +@section[Using @p(kdb_edit) to Add Users to the Master Database] + +The @i[kdb_edit] program is used to add new users and services +to the master database, and to modify existing database information. +The program prompts you to enter a principal's @b[name] and @b[instance]. + +A principal name is typically a username or a service program's name. +An instance further qualifies the principal. +If the principal is a service, +the instance is used to specify the name of the machine on which that +service runs. +If the principal is a username that has general user privileges, +the instance is usually set to null. + +The following example shows how to use @i[kdb_edit] to +add the user @i[wave] to the Kerberos database. +@begin[example, rightmargin -10] +@tabset[3inches, +1.5inches] +host# @b([ADMIN_DIR]/kdb_edit) + +Opening database... + +Enter Kerberos master key: +Verifying, please re-enter +Enter Kerberos master key: +Current Kerberos master key version is 1 + +Master key entered. BEWARE! +Previous or default values are in [brackets] , +enter return to leave the same, or new value. + +Principal name: @b[wave]@\@b[<--] @p[Enter the username.] +Instance:@\@p[<-- Enter a null instance.] + +, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] +@\@p[ Enter y to create the user-instance.] +Principal: wave Instance: m_key_v: 1 +New Password: @\@p[<-- Enter the user-instance's password.] +Verifying, please re-enter +New Password: +Principal's new key version = 1 +Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] +Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] +Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] +Edit O.K. + +Principal name:@\@p[<-- Enter a newline to exit the program.] +@end[example] + +Use the @i[kdb_edit] utility to add your username to the master database. + +@section[Starting the Kerberos Server] + +Change directories to the directory in which you have installed +the server program @i[kerberos] +(the default directory is @i[/usr/etc]), +and start the program as a background process: +@begin[example] +host# @b[./kerberos &] +@end[example] +If you have used the @i[kstash] command to store the master database password, +the server will start automatically. +If you did not use @i[kstash], +use the following command: +@begin[example] +host# @b[./kerberos -m] +@end[example] +The server will prompt you to enter the master password before actually +starting itself. + +@section[Testing the Kerberos Server] + +Exit the root account and use the @i[kinit] command obtain a Kerberos +ticket-granting ticket. +This command +creates your ticket file +and stores the ticket-granting ticket in it. + +If you used the default @i[make install] command and directories to +install the Kerberos user utilities, @i[kinit] will be in the +@i[/usr/athena] directory. From now on, we'll refer to the Kerberos user +commands directory as [K_USER]. + +Use @i[kinit] as follows: +@begin[example] +@tabset[3 inches] +host% @b([K_USER]/kinit) +MIT Project Athena, (ariadne) +Kerberos Initialization +Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] +Password: @\@b[<--] @p[Enter your Kerberos password.] +@end[example] + +Use the @i[klist] program to list the contents of your ticket file. +@begin[example] +host% @b([K_USER]/klist) +@end[example] +The command should display something like the following: +@begin[example] +Ticket file: /tmp/tkt5555 +Principal: yourusername@@REALMNAME + + Issued Expires Principal +May 6 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@@REALMNAME +@end[example] + +If you have any problems, you can examine the log file +@i[/kerberos/kerberos.log] on the Kerberos server machine to see if +there was some sort of error. + +@chapter[Setting up and testing the Administration server] + +The procedure for setting up and testing the Kerberos administration server +is as follows: +@begin[enumerate] +Use the @i[kdb_edit] utility to add your username with an administration +instance to the master database. + +Edit the access control lists for the administration server + +Start the Kerberos administration server. + +Use the @i[kpasswd] command to change your password. + +Use the @i[kadmin] command to add new entries to the database. + +Use the @i[kinit] command to verify that the @i[kadmin] command +correctly added new entries to the database. +@end(enumerate) + +@section[Adding an administration instance for the administrator] + +Login to the Kerberos master server machine, +and use the @b[su] command to become root. +Use the @i[kdb_edit] program to create an entry for each administrator +with the instance ``@p(admin)''. +@begin[example] +@tabset[3inches, +1.5inches] +host# @b([ADMIN_DIR]/kdb_edit) + +Opening database... + +Enter Kerberos master key: +Verifying, please re-enter +Enter Kerberos master key: +Current Kerberos master key version is 1 + +Master key entered. BEWARE! +Previous or default values are in [brackets] , +enter return to leave the same, or new value. + +Principal name: @b[wave]@\@b[<--] @p[Enter the username.] +Instance:@b[admin]@\@b[<--] @p[Enter ``admin''.] + +, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] +@\@p[ Enter y to create the user-instance.] +Principal: wave Instance: admin m_key_v: 1 +New Password: @\@p[<-- Enter the user-instance's password.] +Verifying, please re-enter +New Password: +Principal's new key version = 1 +Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] +Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] +Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] +Edit O.K. + +Principal name:@\@p[<-- Enter a newline to exit the program.] +@end[example] + +@section[The Access Control Lists] +The Kerberos administration server uses three access control lists to +determine who is authorized to make certain requests. The access +control lists are stored on the master Kerberos server in the same +directory as the principal database, @i(/kerberos). The access control +lists are simple ASCII text files, with each line specifying the name of +one principal who is allowed the particular function. To allow several +people to perform the same function, put their principal names on +separate lines in the same file. + +The first list, @i(/kerberos/admin_acl.mod), is a list of principals +which are authorized to change entries in the database. To allow the +administrator `@b[wave]' to modify entries in the database for the realm +`@b[TIM.EDU]', you would put the following line into the file +@i(/kerberos/admin_acl.mod): +@begin(example) +wave.admin@@TIM.EDU +@end(example) + +The second list, @i(/kerberos/admin_acl.get), is a list of principals +which are authorized to retrieve entries from the database. + +The third list, @i(/kerberos/admin_acl.add), is a list of principals +which are authorized to add new entries to the database. + +@section(Starting the administration server) +Change directories to the directory in which you have installed +the administration server program @i[kadmind] +(the default directory is @i[/usr/etc]), +and start the program as a background process: +@begin[example] +host# @b[./kadmind -n&] +@end[example] +If you have used the @i[kstash] command to store the master database password, +the server will start automatically. +If you did not use @i[kstash], +use the following command: +@begin[example] +host# @b[./kadmind] +@end[example] +The server will prompt you to enter the master password before actually +starting itself; after it starts, you should suspend it and put it in +the background (usually this is done by typing control-Z and then @b(bg)). + +@section(Testing @p[kpasswd]) + +To test the administration server, you should try changing your password +with the @i[kpasswd] command, and you should try adding new users with +the @i[kadmin] command (both commands are installed into @i[/usr/athena] +by default). + +Before testing, you should exit the root account. + +To change your password, run the @i[kpasswd] command: +@begin(example) +@tabset[3inches, +1.5inches] +host% @b([K_USER]/kpasswd) +Old password for wave@@TIM.EDU:@\@b[<--]@p[Enter your password] +New Password for wave@@TIM.EDU:@\@b[<--]@p[Enter a new password] +Verifying, please re-enter New Password for wave@@TIM.EDU: +@\@b[<--]@p[Enter new password again] +Password changed. +@end(example) +Once you have changed your password, use the @i[kinit] program as shown +above to verify that the password was properly changed. + +@section(Testing @p[kadmin]) +You should also test the function of the @i[kadmin] program, by adding a +new user (here named ``@t[username]''): +@begin(example) +@tabset[3inches, +1.5inches] +host% @b([K_USER]/kadmin) +Welcome to the Kerberos Administration Program, version 2 +Type "help" if you need it. +admin: @b(ank username)@\@p[`ank' stands for Add New Key] +Admin password: @\@b[<--]@p[enter the password +@\you chose above for wave.admin] +Password for username:@\@b[<--]@p[Enter the user's initial password] +Verifying, please re-enter Password for username:@\@b[<--]@p[enter it again] +username added to database. + +admin: quit +Cleaning up and exiting. +@end[example] + +@section(Verifying with @p[kinit]) +Once you've added a new user, you should test to make sure it was added +properly by using @i[kinit], and trying to get tickets for that user: + +@begin[example] +@tabset[3inches, +1.5inches] +host% @b([K_USER]/kinit username) +MIT Project Athena (ariadne) +Kerberos Initialization for "username@@TIM.EDU" +Password: @b[<--]@p[Enter the user's password you used above] +host% @b([K_USER]/klist) +Ticket file: /tmp/tkt_5509_spare1 +Principal: username@@TIM.MIT.EDU + + Issued Expires Principal +Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@@TIM.EDU +@end[example] + +If you have any problems, you can examine the log files +@i[/kerberos/kerberos.log] and @i[/kerberos/admin_server.syslog] on the +Kerberos server machine to see if there was some sort of error. + +@chapter[Setting up and testing slave server(s)] + +[Unfortunately, this chapter is not yet ready. Sorry. -ed] + +@chapter[A Sample Application] + +This release of Kerberos comes with a sample application +server and a corresponding client program. +You will find this software in the [OBJ_DIR]@i[/appl/sample] directory. +The file @i[sample_client] contains the client program's executable +code, the file @i[sample_server] contains the server's executable. + +The programs are rudimentary. +When they have been installed (the installation procedure is described +in detail later), they work as follows: +@begin[itemize] +The user starts @i[sample_client] and provides as arguments +to the command the name of the server machine and a checksum. +For instance: +@begin[example] +host% @b[sample_client] @p[servername] @p[43] +@end[example] + +@i[Sample_client] contacts the server machine and +authenticates the user to @i[sample_server]. + +@i[Sample_server] authenticates itself to @i[sample_client], +then returns a message to the client program. +This message contains diagnostic information +that includes the user's username, the Kerberos realm, +and the user's workstation address. + +@i[Sample_client] displays the server's message on the user's +terminal screen. +@end[itemize] + +@section[The Installation Process] + +In general, +you use the following procedure to install a Kerberos-authenticated +server-client system. +@begin[enumerate] +Add the appropriate entry to the Kerberos database using @i[kdb_edit] or +@i[kadmin] (described below). + +Create a @i[/etc/srvtab] file for the server machine. + +Install the service program and the @i[/etc/srvtab] +file on the server machine. + +Install the client program on the client machine. + +Update the @i[/etc/services] file on the client and server machines. +@end[enumerate] + +We will use the sample application as an example, although +the procedure used to install @i[sample_server] differs slightly +from the general case because the @i[sample_server] +takes requests via the +@i[inetd] program. +@i[Inetd] starts @i[sample_server] each time +a client process contacts the server machine. +@i[Sample_server] processes the request, +terminiates, then is restarted when @i[inetd] receives another +@i[sample_client] request. +When you install the program on the server, +you must add a @i[sample] entry to the server machine's +@i[/etc/inetd.conf] file. + +The following description assumes that you are installing +@i[sample_server] on the machine @i[ariadne.tim.edu]. +Here's the process, step by step: +@begin[enumerate] +Login as or @i[su] to root on the Kerberos server machine. +Use the @i[kdb_edit] or @i[kadmin] program to create an entry for +@i[sample] in the Kerberos database: +@begin[example, rightmargin -10] +@tabset[2.0inches, +.5inches] +host# @b([ADMIN_DIR]/kdb_edit) + +Opening database... + +Enter Kerberos master key: +Verifying, please re-enter +master key entered. BEWARE! +Previous or default values are in [brackets] , +enter return to leave the same, or new value. + +Principal name: @b[sample]@\@b[<--] @p[Enter the principal name.] +Instance: @b[ariadne]@\@b[<--] @p[Instances cannot have periods in them.] + +, Create [y] ? @b[y] + +Principal: sample_server Instance: ariadne m_key_v: 1 +New Password:@\@b[<--] @p[Enter ``RANDOM'' to get random password.] +Verifying, please re-enter +New Password:@\@b[<--] @p[Enter ``RANDOM'' again.] +Random password [y] ? @b[y] + +Principal's new key version = 1 +Expiration date (enter dd-mm-yy) [ 12/31/99 ] ? +Max ticket lifetime (*5 minutes) [ 255 ] ? +Attributes [ 0 ] ? +Edit O.K. + +Principal name:@\@b[<--] @p[Enter newline to exit kdb_edit.] +@end[example] + +Use the @i[ext_srvtab] program to create a @i[srvtab] file +for @i[sample_server]'s host machine: +@begin[example] +host# @b([ADMIN_DIR]/ext_srvtab ariadne) + +Enter Kerberos master key: +Current Kerberos master key version is 1. + +Generating 'ariadne-new-srvtab'.... +@end[example] +Transfer the @i[ariadne-new-srvtab] file to @i[ariadne] and install it as +@i[/etc/srvtab]. +Note that this file is equivalent to the service's password and should +be treated with care. +For example, it could be transferred by removable media, but should +not be sent over an open network in the clear. +Once installed, this file should be readable only by root. + +Add the following line to the @i[/etc/services] file on +@i[ariadne], and on all machines that +will run the @i[sample_client] program: +@begin[example] +sample 906/tcp # Kerberos sample app server +@end[example] + +Add a line similar to the following line to the @i[/etc/inetd.conf] +file on @i[sample_server]'s machine: +@begin[example] +sample stream tcp nowait switched root + [PATH]/sample_server sample_server +@end[example] +where [PATH] should be substituted with +the path to the @i[sample_server] program. +(This @i[inetd.conf] information should be placed on one line.) +You should examine existing lines in @i[/etc/inetd.conf] and use the +same format used by other entries (e.g. for telnet). Most systems do +not have a column for the `switched' keyword, and some do not have a +column for the username (usually `root', as above). + +Restart @i[inetd] by sending the current @i[inetd] process +a hangup signal: +@begin[example] +host# @b[kill -HUP @p(process_id_number)] +@end[example] + +The @i[sample_server] is now ready to take @i[sample_client] requests. +@end[enumerate] + +@section[Testing the Sample Server] + +Assume that you have installed @i[sample_server] on @i[ariadne]. + +Login to your workstation and use the @i[kinit] command to +obtain a Kerberos ticket-granting ticket: +@begin[example] +@tabset[3 inches] +host% @b([K_USER]/kinit) +MIT Project Athena, (your_workstation) +Kerberos Initialization +Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] +Password: @\@b[<--] @p[Enter your Kerberos password.] +@end[example] + +Now use the @i[sample_client] program as follows: +@begin[example] +host% @b([PATH]/sample_client ariadne) +@end[example] +The command should display something like the following: +@begin[example] +The server says: +You are @p[yourusername].@@REALMNAME (local name @p[yourusername]), + at address @p[yournetaddress], version VERSION9, cksum 997 +@end[example] + +@chapter[Service names and other services] + +@section(rlogin, rsh, rcp, tftp, and others) + +Many services use a common principal name for authentication purposes. +@i[rlogin], @i[rsh], @i[rcp], @i[tftp] and others use the principal name +``@t[rcmd]''. For example, to set up the machine @i[ariadne] to support +Kerberos rlogin, it needs to have a service key for principal +``@t[rcmd]'', instance ``@t[ariadne]''. You create this key in the same +way as shown above for the sample service. + +After creating this key, you need to run the @i[ext_srvtab] program +again to generate a new srvtab file for ariadne. + +@section(NFS modifications) + +The NFS modifications distributed separately use the service name +``@t[rvdsrv]'' with the instance set to the machine name (as for the +sample server and the rlogin, rsh, rcp and tftp services). + +@section(inetd.conf entries) +The following are the @i(/etc/inetd.conf) entries necessary to support +rlogin, encrypted rlogin, rsh, and rcp services on a server machine. As +above, your @i(inetd.conf) may not support all the fields shown here. +@begin[example] +eklogin stream tcp nowait unswitched root + [PATH]/klogind eklogind +kshell stream tcp nowait unswitched root + [PATH]/kshd kshd +klogin stream tcp nowait unswitched root + [PATH]/klogind klogind +@end[example]