Kerberos PAKE Preauth Mechanism

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Kerberos PAKE Preauth Mechanism

Nathaniel McCallum-5
For some background to where we are going, please check out this page:
http://k5wiki.kerberos.org/wiki/Projects/Improve_OTP_deployability

I plan to document all this stuff in the coming weeks. But the big
reveal is a new preauth mech: https://github.com/npmccallum/krb5-pake

All the caveats apply: this is completely insecure and will steal your
passwords. Don't use it anywhere but a test setup.

You will also need a patch to enable support for
KDC_ERR_MORE_PREAUTH_DATA_REQUIRED:
https://github.com/krb5/krb5/pull/245

Comments/reviews welcome.

Nathaniel


_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev