Authentication June 24/2003. Overview Terminology Local Passwords Early Password Services Kerberos Basics Tickets Ticket Acquisition Kerberos Authentication.

Authentication

June 24/2003

Overview

• Terminology• Local Passwords• Early Password Services• Kerberos Basics• Tickets• Ticket Acquisition• Kerberos Authentication• LDAP

Overview

• Active Directory (AD)• Apache• Cookies• Pubcookie• PAM• U of A Activities

Terminology

• Authentication– The identification of a user to a service or resource.

• Authorization– The determination of what a user is entitled to do.

– Access privileges.

• Single Signon– Use of a single user ID and password to authenticate a

user to all services.

– Minimization of need to repeatedly re-enter password.

Local Passwords

• One-way hash function converts password to key.– Password can not be determined from key.

– Hash functions can differ between OS types.

• Keys stored in local password file.– Key computed from password compared to stored key.

• Problems:– Early password (key) files publicly readable.

– Password files need to be replicated between systems for common passwords across systems.

Early Password Services

• YP/NIS/NIS+– Replaces local password database with remote database.

– Local machine obtains password entry from server on remote machine.

• Compares key obtained in same way as locally-stored key.

– Allows for both locally and remotely stored keys.

– Password entries visible over network.

– Primarily Unix-only.

Early Password Services

• Window NT primary domain controller (PDC).– Password sent to PDC for validation.

– Uses SMB protocol.

– Passwords were initially sent clear-text.

– Newer version sends hash value (key).• Hash value visible over network.

• Can be re-used to authenticate.

– Primarily Windows-only.• Also implemented in SAMBA freeware product.

Kerberos Basics

• Designed to allow users to authenticate over an open network.– Network is assumed to be hostile.

• User and service keys stored on trusted server.– Key Distribution Center (KDC).

– Each key known only to KDC and owning user/service.

– User keys derived from password using non-reversible hash function.

• All encryption performed using DES.

Kerberos Basics

• Realm:– Autonomous administration unit.

– Establishes unique KDC.

– Name usually mirrors Internet domain name.

• Principal:– Unique name assigned to each user or service.

– General form: <a>/<b>@<realm>• Form for user ID: <user>@<realm>

• Identity proven using ticket.

Tickets

• Ticket identifies a user to a service.• Ticket consists of identifier and authenticator.

– Identifier establishes user’s identity.• Encrypted with key of desired service.

– Authenticator verifies that principal and sender match.• Contains time stamp.

– Both parts contain user’s principal.

– Both parts contain (the same) random session key.• Used for DES-encrypted communication between client/server.

• Ticket valid only for a specified time period.

Ticket Acquisition

• Client requests ticket from KDC.– User and service are identified in request.

• KDC sends ticket to client.– KDC generates random session key.

– KDC generates identifier.• KDC encrypts identifier with service’s key.

– KDC generates authenticator.• KDC encrypts authenticator with user’s key.

– KDC sends encrypted identifier and authenticator.

Ticket Acquisition

• Client generates user’s key from password.• Client decrypts authenticator.

– Successful decryption indicates valid password.• Time stamp in authenticator must match current time on client

machine (within a small tolerance level).

• Principal in authenticator must match desired user principal.

– Client now has user identifier.• Client machine can not ( necessarily) decode the identifier.

– Client has random session key from authenticator.

• Client erases user key and password.

Kerberos Authentication

• Password Validation.– System uses Kerberos to validate a user password.

– Client obtains ticket for user.• Service immaterial, usually ticket granting service (TGS).

• If authenticator successfully decrypted, password valid.

• System erases ticket and session key.

– Client verifies KDC (optional).• Client obtains initial ticket for service with secret key.

– Principal: host/<machine>@<realm>

• If authenticator successfully decrypted, KDC is proper one.

Kerberos Authentication

• Ticket Passing.– Client obtains service ticket for user.

– Client decrypts authenticator.• Gets random session key.

– Client constructs new authenticator.• Encrypts authenticator with random session key.

– Client sends new ticket to desired server.

– Server decrypts identifier with its own service key.• Gets random session key.

– Server decrypts authenticator with random key.

Kerberos Authentication

• System Requirements:– Time synchronized on client, server and KDC.

– Kerberos software (libraries and utilities).• MIT: http://web.mit.edu/kerberos/www.

• Heimdal: http://www.pdc.kth.se/heimdal.

– Kerberos-aware applications.

• Observation:– KDC unaware of authentication result.

• KDC can not track authentication statistics.

Kerberos Authentication

• Benefits:– Password or user key never leave client machine!

• Single exception when changing password.– Password encrypted with random key in this case.

– Software available for virtually all OS types.• Many systems now come with built-in Kerberos 5.

– Solaris, Linux, OpenBSD, MacOS X, Windows 2000.

• Disadvantages:– Applications must often be modified to use Kerberos.

Kerberos Authentication

• Perl Interface: Authen::Krb5::Simple– Provides Kerberos authentication to Perl script.

– Easy to use.

– Requires Kerberos 5 C library and headers.• Works with MIT or Heimdal.

– ftp://ftp.cpan.org/pub/CPAN/modules/by-module/Authen/Authen-Krb5-Simple-0.31.tar.gz

– Sample script: http://www.ualberta.ca/~antoine/authentation/krb5.pl

Kerberos Authentication

• Introductory Reading:– B. Tung. A Moron’s Guide To Kerberos, Version 1.2.2

http://www.isi.edu/gost/brian/security/kerberos.html

– B. Bryant. Designing An Authentication System: A Dialogue In Four Scenes

ftp://athena-dist.mit.edu/pub/kerberos/doc/dialogue.PS

LDAP

• Directory lookup protocol.• Directory data stored in database on server.

– Generally holds data about people or resources.

• Data structured as tree.– Each node has label and value.

• Distinguished name (DN):– Full path of entry in directory.

– Consists of labels and values of all nodes to entry.

– DN: uid=<user>,ou=people,dc=ualberta,dc=ca

LDAP

• Data can be public or private.• Authentication:

– Password can be associated with node.

– Client opens connection to LDAP server.• Connection unencrypted or encrypted using SSL.

– Client binds as anonymous or as specified DN.• Password not needed for anonymous bind.

• Password passed as part of bind request.

• Password sent compared to local copy on server.

• Successful bind indicates correct password.

• Bind-based authentication.

LDAP

• OpenLDAP server allows use of Kerberos KDC.– Server password entry replaced with calls to KDC.

• Operates in Kerberos password validation mode.

LDAP

• Perl Interface: Net::LDAPS– Provides LDAP functionality to Perl script.

• Includes LDAP authentication.

– Requires other Perl modules.• See README file.

– http://prdownloads.sourceforge.net/perl-ldap/perl-ldap-0.28.tar.gz

– Sample script: http://www.ualberta.ca/~antoine/authentation/ldaps.pl

• Does NOT verify SSL certificate.– SSL certificate must be verified in production use.

Active Directory (AD)

• Combination of DNS, LDAP, and Kerberos.– Authentication performed using Kerberos 5.

• Inter-operates with MIT Kerberos.– MIT clients can authenticate seamlessly to AD server.

– AD clients can authenticate to MIT server.• Requires some configuration.

• Windows client machines require special host key.– Principal: host/<machine>@<realm>

– User authenticates to MIT realm.• Client machine uses MIT ticket for resource access.

Active Directory (AD)

• AD forest can inter-operate with MIT KDC.– AD domain controllers require trust relationship with

MIT KDC.• AD must trust MIT KDC.

• MIT KDC need not trust AD..

– Requires special key.• Principal: krbtgt/<AD domain>@<realm>

– Requires patch to MIT Kerberos server.

– User authenticates to MIT realm.• AD uses resulting MIT ticket to provide access to resources.

Apache

• Web pages can be public or private.• Client opens connection to web server.

– Connection unencrypted or encrypted using SSL.

• Basic authentication:– Web server queries client for user ID and password.

– Checks password against local password database.• htpasswd

Apache

• Mod_auth_kerb.– Replaces local password check with calls to Kerberos.

– Operates in password validation mode.

– http://modauthkerb.sourceforge.net

Cookies

• Used to retain state in web environment– HTTP protocol is stateless.

– Cookie keeps user-specific information between calls to web server.

• Identifies user to web server.

– Web server sends cookie to client browser.• Transfer is transparent to user.

– Web server retrieves cookie on subsequent calls.• May update contents on each call.

Cookies

• Many security/privacy issues associated with use.– Severity dependent on each specific web server.

• http://www.cookiecentral.com

Pubcookie

• Standalone logon server.– Interface between web server and authentication method

s.• Interfaces with Kerberos, LDAP, NIS.

– Returns cookie containing identity of user.

• Component modules for Apache and IIS servers.– Replaces other authentication modules.

• Client browsers require no change.

Pubcookie

• Operation:– Client browser contacts web server.

– Server checks for authentication cookie.• If found, web server passes back requested data.

• Request complete.

– Server redirects browser to logon server.• Redirect requests contains original URL in cookie.

– Login server prompts for user ID/password.

– Logon server validates ID and password.

– Logon server generates authentication cookie.

Pubcookie– Logon server redirects browser back to original URL.

• Redirect includes authentication cookie.

• Also includes cookie for future use by logon server.– Eliminates need to re-enter user ID/password repeatedly.

– Web server will now send requested data.

• Authentication cookies have fixed lifetime.• Single signon implementation for web services.

– Same authentication cookie works for all web servers using pubcookie.

• http://www.pubcookie.org

PAM

• Pluggable authentication module.• Designed by SUN.

– Supported by SUN, Linux, HP.

• Generic API between application and authentication method.– Client performs authentication by calling API routines.

– Authentication methods implemented as dynamically loadable modules.

– Configuration file determines modules to be used for given application.

PAM

• Benefits:– Application need only support generic API.

– New authentication methods added as modules.• Configuration file change implements new method for

application.

• Minimizes support requirements.

– More than one method can be used by application.• Configuration file determines order attempted.

PAM

• Disadvantages:– No support for AIX, BSD.

– Unix-only.

– SUN and Linux APIs differ slightly.

• Web sites:– SUN: http://www.sun.com/solaris/pam

– Linux: http://www.kernel.org/pub/linux/libs/pam

U of A Activities

• Objectives:– Minimize number of IDs/passwords for any user.

– Cover all services/platforms.

– Secure Authentication.• No clear-text.

• Kerberos 5 primary authentication method.– 60,000+ users.

– 2 servers:• krb5-1.srv.ualberta.ca and krb5-2.srv.ualberta.ca

– Preferred protocol for client authentication.

U of A Activities

• SAMBA provides Windows NT authentication.– samba.srv.ualberta.ca

– SAMBA password database synchronized real-time with Kerberos.

• OpenLDAP provides LDAP authentication.– ldapauth.srv.ualberta.ca

– LDAP authentication translated to Kerberos calls.• No passwords or keys on LDAP server.

– Only LDAPS protocol supported.

U of A Activities

• Active Directory.– Windows 2000/XP standalone clients can authenticate

using MIT KDC servers.• Web-based configuration instructions in final stages.

• Web-based tool for obtaining required host key near completion.

– Initial attempt at root AD server begun.• Some success at using MIT KDC servers in AD forest.

• Needs more work.

• Web-based tool for obtaining required trust key near completion.

U of A Activities

• Pubcookie.– Logon server being tested.

• Password changes only permitted via web page.– HTTPS access, only.

– Forces use of good passwords.

– Keeps Kerberos and Samba servers synchronized.