[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Disable GSSAPI confidentiality

On Fri, 12 Dec 2008, Jeremiah Martell wrote:
> Interesting. I wanted to do this because Microsoft servers complain 
> about redundant encryption.
> If your GSSAPI provides confidentiality, and you're trying to use TLS,
> they barf out this error:
> Cannot start kerberos signing/sealing when using TLS/SSL
> I'll experiment with setting it to 1, but perhaps I'm already
> protected by using TLS from the things you mentioned?

Short answer: yes.

All the normally enabled TLS cipher suites provide integrity protection 
(and confidentiality, for that matter).

Long answer: it depends

The issue is that there's no 'binding' of the GSSAPI authentication to the 
TLS channel: the GSSAPI bits on the two ends can't be sure that they're 
actually talking across the same secure channel.

The classic illustration is a server that requires confidentiality, but a 
client that doesn't.  If the client sends a bind that doesn't request 
confidentiality without first doing StartTLS, the server will reject it 
(or require confidentiality to be negotiated anyway, I don't remember 
which).  However, an active attacker could intercept the client's 
connection, then make its own connection to the server and negotiate TLS 
and pass the data between those.  The server would think the connection 
has confidentiality and let it go forward, but that's not actually true.

There are two solutions to this:
1) enforce the confidentiality requirement in the client (if TLS is used,
   then checking of the server's cert must be done for this to be secure)
2) use a SASL mechanism that supports "channel bindings"

The latter is still a work in progress and will require time for support 
to be taken up by clients and servers.

Right now, if you're using an LDAP client with ldaps or that requires 
StartTLS (ala the -ZZ option) and it does proper server certificate 
checking (which has been the default in OpenLDAP since at least 2.2), then 
you're fine, but keep in mind that enforcing the confidentiality of the 
connection is incumbent on the client doing those correctly.

Philip Guenther