Microsoft does it AGAIN! Arrrgh!

From the “Crypto-Gram” mailing list, March 15, by Bruce Schneier:

Kerberos is a symmetric-key authentication scheme. It was developed at MIT
as part of their Project Athena in the 1980s – the protocol was published
in October 1988 – and has been implemented on various flavors of
UNIX. The current version is Kerberos Version 5, which corrected some
security vulnerabilities in Version 4. It’s never taken over the
authentication world, but it is used in many networks. These days, the
Internet Engineering Task Force (IETF) controls the specification for Kerberos.

Kerberos is a client-server authentication protocol. (Applied Cryptography
goes into the protocol in detail.) For the point of this
article, remember that there is a secure Kerberos server on a
network. Clients log into the Kerberos server and get secure
“tickets.” The clients can use these tickets to log onto other servers on
the network: file servers, databases, etc.

Kerberos is now part of Microsoft Windows 2000, sort of. The issue is that
Microsoft has made changes to the protocol to make it noninteroperable with
the Kerberos standard, and with any products that implement Kerberos correctly.

Specifically, the incompatibility has to do with something called the “data
authorization field” in the Kerberos messages. All major Kerberos
implementations leave the field blank. The new Microsoft implementation
does not; it uses the field to exchange access privileges between the
Kerberos server and the client.

There are two ways to look at this:

o Since the field has no specific uses in the protocol (and no one else
uses it), the fact that Microsoft is using the protocol is harmless.

o Because Microsoft is refusing to publish details about its proprietary
use of the field, they are harming interoperability and
standardization. Other Kerberos vendors cannot directly support Windows
2000 clients.

Even worse, Microsoft bypassed the IETF in this process (there’s a
procedure you’re supposed to follow if you want to enhance, deviate from, or
modify an IETF standard).

On the surface, this is just nasty business practices. If you’re a company
that has invested in a UNIX-based Kerberos authentication system and you
want to support Windows 2000 desktops, your only real option is to buy a
Windows 2000 Kerberos server and pay for the integration. I’m sure this is
what Microsoft wants.

My worry is more about the security. Protocols are very fragile; we’ve
learned that time and time again. You can’t just make changes to a
security protocol and assume the changed protocol will be
secure. Microsoft has taken the Kerberos protocol – a published protocol
that has gone through over a decade of peer review – and has made changes
in it that affect security. Even worse, they have made those changes in
secret and have not released the details to the world.

Don’t be fooled. The Kerberos in Windows 2000 is not Kerberos. It does
not conform to the Kerberos standard. It is Kerberos-like, but we don’t
know how secure it is.

Kerberos Web page: http://www.isi.edu/gost/gost-group/products/kerberos/

IETF Specification:
ftp://ftp.isi.edu/in-notes/rfc1510.txt
ftp://athena-dist.mit.edu/pub/kerberos/doc/techplan.txt

Microsoft Kerberos information:
Windows 2000 Kerberos Authentication white paper – http://www.microsoft.com/windows2000/library/howitworks/security/kerberos.asp
Introduction to Windows 2000 Security Services – http://www.microsoft.com/WINDOWS2000/guide/server/features/secintro.asp
Guide to Kerberos Interoperability – http://www.microsoft.com/windows2000/library/planning/security/kerbsteps.asp
Article by David Chappell about Kerberos and Windows 2000 – http://www.microsoft.com/msj/defaulttop.asp?page=/msj/0899/kerberos/kerberostop.htm

There was a story with comments on Slashdot about this earlier this month. You can find it here


Oh, what’s that? So now you say life sucks?
Well 99% of it’s what you make of it…
So if your life sucks, YOU suck!

Joe_Cool
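Added example, not part of Schneier's article or of any Kerberos implementation: a toy model of the ticket flow the article describes (client gets a ticket from the Kerberos server, presents it to a service), written to show what the optional field at the centre of the dispute does. The field is the one RFC 1510 calls authorization-data (the “data authorization field” above). The model collapses the separate ticket-granting step into one exchange, uses JSON instead of ASN.1, and replaces the real Kerberos encryption types with a stand-in seal/unseal built from SHA-256 and HMAC (illustrative, not a production cipher). The principal names, the authorization-data type names AD-EXAMPLE-GROUPS and VENDOR-OPAQUE, and the service's KNOWN_AD_TYPES set are all made up for the example; nothing here describes the contents of Microsoft's actual field.

```python
# Toy Kerberos-style ticket exchange (constructed example; not real Kerberos wire format).
import hashlib
import hmac
import json
import os
import time

# --- Stand-in for Kerberos encryption types: SHA-256 counter keystream + HMAC tag ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, payload: dict) -> bytes:
    """Encrypt-then-MAC a JSON payload under a symmetric key."""
    nonce = os.urandom(16)
    plaintext = json.dumps(payload, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or a tampered blob."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)

class KDC:
    """The 'secure Kerberos server': holds every principal's long-term key."""
    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys

    def issue_ticket(self, client: str, service: str, authorization_data=None, lifetime=300):
        """Return (ticket sealed under the service's key, reply sealed under the client's key)."""
        session_key = os.urandom(32)
        now = int(time.time())
        ticket = {
            "client": client, "service": service, "session_key": session_key.hex(),
            "start": now, "end": now + lifetime,
            # RFC 1510 makes authorization-data OPTIONAL; a standard KDC leaves it empty.
            "authorization_data": authorization_data or [],
        }
        sealed_ticket = seal(self.keys[service], ticket)  # client can neither read nor alter it
        reply = seal(self.keys[client], {"service": service, "session_key": session_key.hex()})
        return sealed_ticket, reply

def client_ap_request(client: str, client_key: bytes, sealed_ticket: bytes, reply: bytes):
    """Client recovers the session key and builds an authenticator to present with the ticket."""
    session_key = bytes.fromhex(unseal(client_key, reply)["session_key"])
    authenticator = seal(session_key, {"client": client, "timestamp": int(time.time())})
    return sealed_ticket, authenticator

# Authorization-data types this (hypothetical) conformant service knows how to interpret.
KNOWN_AD_TYPES = {"AD-EXAMPLE-GROUPS"}

def service_accept(service_key: bytes, sealed_ticket: bytes, authenticator: bytes, skew=300) -> dict:
    """Service-side check of ticket + authenticator. Unknown authorization-data is ignored."""
    ticket = unseal(service_key, sealed_ticket)
    now = int(time.time())
    if not (ticket["start"] - skew <= now <= ticket["end"] + skew):
        raise ValueError("ticket outside validity window")
    auth = unseal(bytes.fromhex(ticket["session_key"]), authenticator)  # proves session-key possession
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(auth["timestamp"] - now) > skew:
        raise ValueError("stale authenticator (replay?)")
    ad = ticket["authorization_data"]
    usable = [e for e in ad if e["type"] in KNOWN_AD_TYPES]
    ignored = sorted({e["type"] for e in ad if e["type"] not in KNOWN_AD_TYPES})
    return {"client": ticket["client"], "privileges": usable, "ignored_ad_types": ignored}

def demo() -> dict:
    """One conformant service, two KDC behaviours, plus a client that edits its ticket."""
    c, s = "alice@EXAMPLE.ORG", "nfs/files.example.org"   # made-up principals
    keys = {c: os.urandom(32), s: os.urandom(32)}
    kdc, results = KDC(keys), {}
    # 1. Standard behaviour: the field is left blank.
    ticket, reply = kdc.issue_ticket(c, s)
    results["standard"] = service_accept(keys[s], *client_ap_request(c, keys[c], ticket, reply))
    # 2. KDC fills the field with a blob of an undocumented type: accepted, but unusable here.
    blob = [{"type": "VENDOR-OPAQUE", "value": os.urandom(8).hex()}]
    ticket, reply = kdc.issue_ticket(c, s, authorization_data=blob)
    results["vendor"] = service_accept(keys[s], *client_ap_request(c, keys[c], ticket, reply))
    # 3. Client flips a ciphertext byte (e.g. hoping to grant itself privileges): rejected.
    bad = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    try:
        service_accept(keys[s], *client_ap_request(c, keys[c], bad, reply))
        results["tampered_rejected"] = False
    except ValueError:
        results["tampered_rejected"] = True
    return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two views in the article both show up in the output: the service accepts the vendor-filled ticket exactly as it accepts the blank one (the field is opaque to it, so nothing breaks), but the privileges in the blob do it no good, because it has no specification telling it how to read them. Only a service that shares the undocumented format can act on them.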