📄 rfc1510.txt
字号:
Network Working Group J. KohlRequest for Comments: 1510 Digital Equipment Corporation C. Neuman ISI September 1993 The Kerberos Network Authentication Service (V5)Status of this Memo This RFC specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.Abstract This document gives an overview and specification of Version 5 of the protocol for the Kerberos network authentication system. Version 4, described elsewhere [1,2], is presently in production use at MIT's Project Athena, and at other Internet sites.Overview Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No commercial use of these trademarks may be made without prior written permission of MIT. This RFC describes the concepts and model upon which the Kerberos network authentication system is based. It also specifies Version 5 of the Kerberos protocol. The motivations, goals, assumptions, and rationale behind most design decisions are treated cursorily; for Version 4 they are fully described in the Kerberos portion of the Athena Technical Plan [1]. The protocols are under review, and are not being submitted for consideration as an Internet standard at this time. Comments are encouraged. Requests for addition to an electronic mailing list for discussion of Kerberos, kerberos@MIT.EDU, may be addressed to kerberos-request@MIT.EDU. This mailing list is gatewayed onto the Usenet as the group comp.protocols.kerberos. Requests for further information, including documents and code availability, may be sent to info-kerberos@MIT.EDU.Kohl & Neuman [Page 1]
RFC 1510 Kerberos September 1993Background The Kerberos model is based in part on Needham and Schroeder's trusted third-party authentication protocol [3] and on modifications suggested by Denning and Sacco [4]. The original design and implementation of Kerberos Versions 1 through 4 was the work of two former Project Athena staff members, Steve Miller of Digital Equipment Corporation and Clifford Neuman (now at the Information Sciences Institute of the University of Southern California), along with Jerome Saltzer, Technical Director of Project Athena, and Jeffrey Schiller, MIT Campus Network Manager. Many other members of Project Athena have also contributed to the work on Kerberos. Version 4 is publicly available, and has seen wide use across the Internet. Version 5 (described in this document) has evolved from Version 4 based on new requirements and desires for features not available in Version 4. Details on the differences between Kerberos Versions 4 and 5 can be found in [5].Table of Contents 1. Introduction ....................................... 5 1.1. Cross-Realm Operation ............................ 7 1.2. Environmental assumptions ........................ 8 1.3. Glossary of terms ................................ 9 2. Ticket flag uses and requests ...................... 12 2.1. Initial and pre-authenticated tickets ............ 12 2.2. Invalid tickets .................................. 12 2.3. Renewable tickets ................................ 12 2.4. Postdated tickets ................................ 13 2.5. Proxiable and proxy tickets ...................... 14 2.6. Forwardable tickets .............................. 15 2.7. Other KDC options ................................ 15 3. Message Exchanges .................................. 16 3.1. The Authentication Service Exchange .............. 16 3.1.1. Generation of KRB_AS_REQ message ............... 17 3.1.2. Receipt of KRB_AS_REQ message .................. 17 3.1.3. Generation of KRB_AS_REP message ............... 17 3.1.4. Generation of KRB_ERROR message ................ 19 3.1.5. Receipt of KRB_AS_REP message .................. 19 3.1.6. Receipt of KRB_ERROR message ................... 20 3.2. The Client/Server Authentication Exchange ........ 20 3.2.1. The KRB_AP_REQ message ......................... 20 3.2.2. Generation of a KRB_AP_REQ message ............. 20 3.2.3. Receipt of KRB_AP_REQ message .................. 21 3.2.4. Generation of a KRB_AP_REP message ............. 23 3.2.5. Receipt of KRB_AP_REP message .................. 23Kohl & Neuman [Page 2]
RFC 1510 Kerberos September 1993 3.2.6. Using the encryption key ....................... 24 3.3. The Ticket-Granting Service (TGS) Exchange ....... 24 3.3.1. Generation of KRB_TGS_REQ message .............. 25 3.3.2. Receipt of KRB_TGS_REQ message ................. 26 3.3.3. Generation of KRB_TGS_REP message .............. 27 3.3.3.1. Encoding the transited field ................. 29 3.3.4. Receipt of KRB_TGS_REP message ................. 31 3.4. The KRB_SAFE Exchange ............................ 31 3.4.1. Generation of a KRB_SAFE message ............... 31 3.4.2. Receipt of KRB_SAFE message .................... 32 3.5. The KRB_PRIV Exchange ............................ 33 3.5.1. Generation of a KRB_PRIV message ............... 33 3.5.2. Receipt of KRB_PRIV message .................... 33 3.6. The KRB_CRED Exchange ............................ 34 3.6.1. Generation of a KRB_CRED message ............... 34 3.6.2. Receipt of KRB_CRED message .................... 34 4. The Kerberos Database .............................. 35 4.1. Database contents ................................ 35 4.2. Additional fields ................................ 36 4.3. Frequently Changing Fields ....................... 37 4.4. Site Constants ................................... 37 5. Message Specifications ............................. 38 5.1. ASN.1 Distinguished Encoding Representation ...... 38 5.2. ASN.1 Base Definitions ........................... 38 5.3. Tickets and Authenticators ....................... 42 5.3.1. Tickets ........................................ 42 5.3.2. Authenticators ................................. 47 5.4. Specifications for the AS and TGS exchanges ...... 49 5.4.1. KRB_KDC_REQ definition ......................... 49 5.4.2. KRB_KDC_REP definition ......................... 56 5.5. Client/Server (CS) message specifications ........ 58 5.5.1. KRB_AP_REQ definition .......................... 58 5.5.2. KRB_AP_REP definition .......................... 60 5.5.3. Error message reply ............................ 61 5.6. KRB_SAFE message specification ................... 61 5.6.1. KRB_SAFE definition ............................ 61 5.7. KRB_PRIV message specification ................... 62 5.7.1. KRB_PRIV definition ............................ 62 5.8. KRB_CRED message specification ................... 63 5.8.1. KRB_CRED definition ............................ 63 5.9. Error message specification ...................... 65 5.9.1. KRB_ERROR definition ........................... 66 6. Encryption and Checksum Specifications ............. 67 6.1. Encryption Specifications ........................ 68 6.2. Encryption Keys .................................. 71 6.3. Encryption Systems ............................... 71 6.3.1. The NULL Encryption System (null) .............. 71 6.3.2. DES in CBC mode with a CRC-32 checksum (descbc-crc)71Kohl & Neuman [Page 3]
RFC 1510 Kerberos September 1993 6.3.3. DES in CBC mode with an MD4 checksum (descbc-md4) 72 6.3.4. DES in CBC mode with an MD5 checksum (descbc-md5) 72 6.4. Checksums ........................................ 74 6.4.1. The CRC-32 Checksum (crc32) .................... 74 6.4.2. The RSA MD4 Checksum (rsa-md4) ................. 75 6.4.3. RSA MD4 Cryptographic Checksum Using DES (rsa-md4-des) ......................................... 75 6.4.4. The RSA MD5 Checksum (rsa-md5) ................. 76 6.4.5. RSA MD5 Cryptographic Checksum Using DES (rsa-md5-des) ......................................... 76 6.4.6. DES cipher-block chained checksum (des-mac) 6.4.7. RSA MD4 Cryptographic Checksum Using DES alternative (rsa-md4-des-k) ........................... 77 6.4.8. DES cipher-block chained checksum alternative (des-mac-k) ........................................... 77 7. Naming Constraints ................................. 78 7.1. Realm Names ...................................... 77 7.2. Principal Names .................................. 79 7.2.1. Name of server principals ...................... 80 8. Constants and other defined values ................. 80 8.1. Host address types ............................... 80 8.2. KDC messages ..................................... 81 8.2.1. IP transport ................................... 81 8.2.2. OSI transport .................................. 82 8.2.3. Name of the TGS ................................ 82 8.3. Protocol constants and associated values ......... 82 9. Interoperability requirements ...................... 86 9.1. Specification 1 .................................. 86 9.2. Recommended KDC values ........................... 88 10. Acknowledgments ................................... 88 11. References ........................................ 89 12. Security Considerations ........................... 90 13. Authors' Addresses ................................ 90 A. Pseudo-code for protocol processing ................ 91 A.1. KRB_AS_REQ generation ............................ 91 A.2. KRB_AS_REQ verification and KRB_AS_REP generation 92 A.3. KRB_AS_REP verification .......................... 95 A.4. KRB_AS_REP and KRB_TGS_REP common checks ......... 96 A.5. KRB_TGS_REQ generation ........................... 97 A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation 98 A.7. KRB_TGS_REP verification ......................... 104 A.8. Authenticator generation ......................... 104 A.9. KRB_AP_REQ generation ............................ 105 A.10. KRB_AP_REQ verification ......................... 105 A.11. KRB_AP_REP generation ........................... 106 A.12. KRB_AP_REP verification ......................... 107 A.13. KRB_SAFE generation ............................. 107 A.14. KRB_SAFE verification ........................... 108Kohl & Neuman [Page 4]
RFC 1510 Kerberos September 1993 A.15. KRB_SAFE and KRB_PRIV common checks ............. 108 A.16. KRB_PRIV generation ............................. 109 A.17. KRB_PRIV verification ........................... 110 A.18. KRB_CRED generation ............................. 110 A.19. KRB_CRED verification ........................... 111 A.20. KRB_ERROR generation ............................ 1121. Introduction Kerberos provides a means of verifying the identities of principals, (e.g., a workstation user or a network server) on an open (unprotected) network. This is accomplished without relying on authentication by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that packets traveling along the network can be read, modified, and inserted at will. (Note, however, that many applications use Kerberos' functions only upon the initiation of a stream-based network connection, and assume the absence of any "hijackers" who might subvert such a connection. Such use implicitly trusts the host addresses involved.) Kerberos performs authentication under these conditions as a trusted third- party authentication service by using conventional cryptography, i.e., shared secret key. (shared secret key - Secret and private are often used interchangeably in the literature. In our usage, it takes two (or more) to share a secret, thus a shared DES key is a secret key. Something is only private when no one but its owner knows it. Thus, in public key cryptosystems, one has a public and a private key.) The authentication process proceeds as follows: A client sends a request to the authentication server (AS) requesting "credentials" for a given server. The AS responds with these credentials, encrypted in the client's key. The credentials consist of 1) a "ticket" for the server and 2) a temporary encryption key (often called a "session key"). The client transmits the ticket (which contains the client's identity and a copy of the session key, all encrypted in the server's key) to the server. The session key (now shared by the client and server) is used to authenticate the client,⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -