update on kerberos extensibility
play

Update on Kerberos Extensibility - PowerPoint PPT Presentation

Feb 02, 2023 •318 likes •407 views

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61 Kerberos Extensibility Document Status Notational Conventions Future Plans 1 Document Status Updates from -00 Update I-D boilerplate

  1. Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61

  2. Kerberos Extensibility • Document Status • Notational Conventions • Future Plans 1

  3. Document Status Updates from -00 • Update I-D boilerplate • Drop information object notation (for now) • More text explaining ASN.1 usage • More KDC-REQ description • Tighten constraints on IA5 vs UTF8 strings 2

  4. Document Status (cont’d) Updates from -01 • More complete • Text on extensibility/criticality (from Sam) • Typed holes can use RELATIVE-OID or integers • Language tags • Rough IANA considerations 3

  5. Notational Conventions • Which convention for ASN.1 identifiers in text? • ASN.1 has lexically significant case • Possible confusion if identifiers not set off from text 4

  6. Notational Conventions (cont’d) • RFC 1510 and Clarifications use C-styled ALL_CAPS • C-styled: #define KDC_ERR_PREAUTH_FAILED 24 • ASN.1-styled: kdc-err-preauth-failed ErrCode ::= 24 • ALL_CAPS vs "quoted" ? 5

  7. Future Plans • What should the module look like? • Which IANA assignment policies? • Incorporate preauth framework? • Different document name? 6

Recommend

Extensibility in the Kerberos Protocol Sam Hartman Mekinok, Inc. IETF 52 Table of Contents

Extensibility in the Kerberos Protocol Sam Hartman Mekinok, Inc. IETF 52 Table of Contents

Extensibility in the Kerberos Protocol Sam Hartman Mekinok, Inc. IETF 52 Table of Contents Slide Title Slide# I. Why Extensibility? 4 Arguments for Extensibility 5 Protocol Requirements from Vendors 6 IETF Concerns About Vendor

234 views • 22 slides
AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school

AFS and Kerberos 5 Ken Hornstein Naval Research Laboratory Kerberos Use in AFS, old school Kerberos implementation based on V4 protocol. Client-server transport uses RX. Raw Kerberos binary ticket placed in credential cache

251 views • 11 slides
Kerberos Working Group Internationalization for Extensions Jeffrey Altman PAGE 1 Guiding

Kerberos Working Group Internationalization for Extensions Jeffrey Altman PAGE 1 Guiding

Kerberos Working Group Internationalization for Extensions Jeffrey Altman PAGE 1 Guiding Principles Use Unicode restricted as needed to provide interoperability and future extensibility A single set of string preparation rules for all

173 views • 14 slides
Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES

Akademska in raziskovalna mrea Slovenije Connecting Web and Kerberos SSO Connecting Web and Kerberos SSO Rok Pape ARNES aaa-podpora@arnes.si Cork Institute of Technology Cork, Ireland, 19.5.2009 Kerberos Kerberos Akademska in

353 views • 16 slides
A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol

A Basic Introduction to Kerberos Ken Hornstein NRL Kerberos Introduction A network protocol developed at MIT as part of Project Athena. Is a shared-secret, trusted third party authentication system. Uses encryption to provide

280 views • 8 slides
OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006

OTP Kerberos Kerberos Working Group IETF, Montreal July 2006 WORKING DRAFT: 30 June 2006 Background Proposal is to define extensions to Kerberos V5 (rfc4120) to support pre-authentication using an OTP Three main aims: Allow an OTP

180 views • 14 slides
Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure

Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure

Kerberos4 1 Kerberos V4 Slide 1 Kerberos network authentication using Needham-Schroeder insecure network: listen, modify secret key login session : from login to logout Version 5: more complex, not just TCP/IP, greater

98 views • 7 slides
Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many

Kerberos https://web.mit.edu/kerberos/ https://tools.ietf.org/html/rfc4120 slide 1 Many-to-Many Authentication ? Servers Users How do users prove their identities when requesting services from machines on the network? Nave solution:

359 views • 10 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding COMP4631 L16 1 Agenda Distributed system security Introduction to Kerberos V4 Kerberos Realms Authentication with Kerberos in Windows NT 5

751 views • 30 slides
Kerberos & X.509 11

Kerberos & X.509 11

Kerberos & X.509 11 Network Security, Principles and Practice,2nd Ed. :

767 views • 51 slides
Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17

Kerberos for Distributed Systems Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - L17 1 Agenda Distributed system security Introduction to Kerberos Kerberos Version 4 Authentication Protocol Authentication with Kerberos

494 views • 28 slides
Network Security: Kerberos Guevara Noubir noubir@ccs.neu.edu Network Security Reading

Network Security: Kerberos Guevara Noubir noubir@ccs.neu.edu Network Security Reading

Network Security: Kerberos Guevara Noubir noubir@ccs.neu.edu Network Security Reading assignment: Chapters 13-14 G. Noubir, Network Security Kerberos Outline Kerberos V4 Kerberos V5 G. Noubir, Network Security Kerberos 2 What is

1.16k views • 9 slides
Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions

Questioning Kerberos Assumptions Sam Hartman IETF 63 Questioning Kerberos Assumptions Principal Names are not remapped in cross-realm The destination KDC is not involved in cross-realm Privacy of principal names 1 Why Remap

534 views • 19 slides
Todays Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27,

Todays Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27,

11/27/17 Todays Objec2ves Kerberos Peer To Peer Overlay Networks Final Projects Nov 27, 2017 Sprenkle - CSCI325 1 Kerberos Trusted third party, runs by default on port 88 Security objects: Ticket: token, verifying

407 views • 30 slides
GNU/Hurd AKA Extensibility from the Ground Samuel Thibault 2011 August 26th 1 <marcus>

GNU/Hurd AKA Extensibility from the Ground Samuel Thibault 2011 August 26th 1 <marcus>

GNU/Hurd AKA Extensibility from the Ground Samuel Thibault 2011 August 26th 1 <marcus> Jeroen: you are a Hurd developer. Being insane is part of the public image. 2 It's all about freedom #0 Extensibility for the user Mount one's

326 views • 32 slides
Kerberos Nicolas Gren` eche Centre de Ressources Informatique (CRI) - Universit e dOrl

Kerberos Nicolas Gren` eche Centre de Ressources Informatique (CRI) - Universit e dOrl

Kerberos Nicolas Gren` eche Centre de Ressources Informatique (CRI) - Universit e dOrl eans Projet SDS - LIFO et ENSI de Bourges nicolas.greneche@univ-orleans.fr 11/07/2011 Sommaire Pourquoi Kerberos ? 1 Les acteurs 2 Le

497 views • 22 slides
Development of techniques to remove Kerberos credentials from Windows Systems. Nick Offerman

Development of techniques to remove Kerberos credentials from Windows Systems. Nick Offerman

Development of techniques to remove Kerberos credentials from Windows Systems. Nick Offerman Steffan Roobol 04-07-2019 Introduction Figure 1: Kerberos Protocol 2 Problem Figure 1: the LSASS process and Mimikatz. 3 Research Questions

520 views • 27 slides
Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato,

Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato,

Specifying Kerberos 5 Cross-Realm Authentication Chris Walstad Joint work with Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov Supported by ONR, NSF, NRL Overview Introduction Kerberos 5 Formalization Properties

454 views • 24 slides
Kerberos Working Group UTF-8 Stringprep Profile UTF-8 Stringprep Profile Goals and Principles

Kerberos Working Group UTF-8 Stringprep Profile UTF-8 Stringprep Profile Goals and Principles

Kerberos Working Group UTF-8 Stringprep Profile UTF-8 Stringprep Profile Goals and Principles Applicability - Kerberos strings Character Repertoire - Unicode 3.1 Unassigned Code Points - From Unicode 3.1 Mappings Normalization Prohibited

906 views • 7 slides
Variant Path Types for Scalable Extensibility Atsushi Igarashi (Kyoto Univ.) joint work with

Variant Path Types for Scalable Extensibility Atsushi Igarashi (Kyoto Univ.) joint work with

Variant Path Types for Scalable Extensibility Atsushi Igarashi (Kyoto Univ.) joint work with Mirko Viroli (Univ. Bologna) Background: Scalable Extensibility Language support for extending program components which can be uniformly

328 views • 28 slides
Kerberos Credential Thievery (GNU/Linux) Ronan Loftus, Arne Zismer July 3, 2017 Context

Kerberos Credential Thievery (GNU/Linux) Ronan Loftus, Arne Zismer July 3, 2017 Context

Kerberos Credential Thievery (GNU/Linux) Ronan Loftus, Arne Zismer July 3, 2017 Context Kerberos I Authentication protocol Reduce amount of sensitive credentials sent over the network Commonly used in Linux networks (e.g. Hadoop)

604 views • 35 slides
Extensibility for DSL design and Example implementation Step 1 Step 2 A case study in Common

Extensibility for DSL design and Example implementation Step 1 Step 2 A case study in Common

Extensibility Didier Verna Introduction Extensibility for DSL design and Example implementation Step 1 Step 2 A case study in Common Lisp Step 3 Step 4 Wrap Up Didier Verna Conclusion Discussion didier@lrde.epita.fr

469 views • 28 slides
JPL's Kerberos 5 Upgrade Henry B. Hotz Jet Propulsion Laboratory California Institute of

JPL's Kerberos 5 Upgrade Henry B. Hotz Jet Propulsion Laboratory California Institute of

JPL's Kerberos 5 Upgrade Henry B. Hotz Jet Propulsion Laboratory California Institute of Technology Henry B. Hotz Kerberos 5 Upgrade Overview Preparation Requirements and Testing MIT/KTH (Heimdal) Tradeoff Doing the upgrade

708 views • 9 slides
DSLs from the Perspective of Extensible Taxonomy Extensibility Languages Example Internal

DSLs from the Perspective of Extensible Taxonomy Extensibility Languages Example Internal

Extensibility Didier Verna DSL Overview DSLs from the Perspective of Extensible Taxonomy Extensibility Languages Example Internal External Conclusion Discussion Didier Verna didier@lrde.epita.fr http://www.lrde.epita.fr/didier ACCU

567 views • 29 slides

More recommend