KDC: weak crypto in default settings

A helpful hwoto for users who want to update the weak KDC master key with state-of-the-art crypto:
https://docs.oracle.com/cd/E36784_01/html/E37126/st-mkey-1.html

Here is a collection of guides from upstream MIT kerberos:

https://web.mit.edu/kerberos/krb5-latest/doc/admin/enctypes.html#migrating-away-from-older-encryption-types

This was fixed in debian and is currently in kinetic-proposed:

https://launchpad.net/ubuntu/+source/krb5/1.20-1

I'm unsure how to approach this from an SRU perspective, given it's a configuration setting in the default config file that is ship:

--- a/debian/kdc.conf
+++ b/debian/kdc.conf
@@ -10,7 +10,7 @@
         kdc_ports = 750,88
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
- master_key_type = des3-hmac-sha1
+ #master_key_type = aes256-cts
         #supported_enctypes = aes256-cts:normal aes128-cts:normal
         default_principal_flags = +preauth
     }

Actually, looks like it could be simple, as in, do nothing out of the ordinary. The config file is not shipped as /etc/krb5kdc/kdc.conf:
    db_get krb5-kdc/debconf
    DEBCONF="$RET"

    if [ ! -f /etc/krb5kdc/kdc.conf ] && [ $DEBCONF = "true" ] ; then
        sed -e "s/@MYREALM/$KRB5LD_DEFAULT_REALM/" \
            /usr/share/krb5-kdc/kdc.conf.template > /etc/krb5kdc/kdc.conf
    fi

A quick upgrade test in a few scenarios should suffice.

@mdeslaur, should we SRU this?

Oh, so it only copies the file over on new installs, that makes sense, and could be easily changed in stable releases.

I have no big preference, but perhaps it would be good to have it SRUed to 22.04.

>>>>> "Marc" == Marc Deslauriers <email address hidden> writes:

    Marc> Oh, so it only copies the file over on new installs, that
    Marc> makes sense, and could be easily changed in stable releases.

It's actually even less likely to cause problems than it might appear.
That config value should only be used by kdb5_util create.
Once /etc/krb5kdc/stash is created, I'd expect the encryption type in
that file will be used, and even if somehow kdc.conf were updated, it
would still continue to work.

We probably should start thinking about how to upgrade existing
databases, because we're going to want to do that before 3DES is removed
from the code.
That's going to be tricky because of the various replication and
database storage strategies. For example a Freeipa database is handled
differently than a raw Kerberos database than an LDAP database.
But we don't need to solve any of that today, and whatever we can do to
make new realms work better will help that eventual upgrade process
along.

--Sam

This was fixed in Kinetic with https://launchpad.net/ubuntu/+source/krb5/1.20-1

krb5 (1.20-1) unstable; urgency=medium

  * New Upstream Version
  * Do not specify master key type to avoid weak crypto, Closes: #1009927

 -- Sam Hartman <email address hidden> Fri, 22 Jul 2022 16:32:38 -0600

Hello Thomas, or anyone else affected,

Accepted krb5 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

# Jammy verification

a) Upgrade test does not change algorithm

With the release packages installed:
$ apt-cache policy krb5-kdc
krb5-kdc:
  Installed: 1.19.2-2ubuntu0.1
  Candidate: 1.19.2-2ubuntu0.1
  Version table:
 *** 1.19.2-2ubuntu0.1 500
        500 http://br.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
(...)

We get the expected deprecation cipher and warnings:
$ sudo grep master_key_type /etc/krb5kdc/kdc.conf
        master_key_type = des3-hmac-sha1

$ sudo klist -ke /etc/krb5kdc/stash
Keytab name: FILE:/etc/krb5kdc/stash
KVNO Principal
---- --------------------------------------------------------------------------
   1 K/M@LXD (DEPRECATED:des3-cbc-sha1)

Upgrading to the package in proposed:
$ apt-cache policy krb5-kdc
krb5-kdc:
  Installed: 1.19.2-2ubuntu0.2
  Candidate: 1.19.2-2ubuntu0.2
  Version table:
 *** 1.19.2-2ubuntu0.2 500
        500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages
(...)

Repeating the checks, the algorithm is the same:

$ sudo grep master_key_type /etc/krb5kdc/kdc.conf
        master_key_type = des3-hmac-sha1

$ sudo klist -ke /etc/krb5kdc/stash
Keytab name: FILE:/etc/krb5kdc/stash
KVNO Principal
---- --------------------------------------------------------------------------
   1 K/M@LXD (DEPRECATED:des3-cbc-sha1)

(to be continued)

# Jammy verification (continuation)

b) Fresh install of proposed packages
$ apt-cache policy krb5-kdc
krb5-kdc:
  Installed: 1.19.2-2ubuntu0.2
  Candidate: 1.19.2-2ubuntu0.2
  Version table:
 *** 1.19.2-2ubuntu0.2 500
        500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages
(...)

Master key type changed, but commented:

$ sudo grep master_key_type /etc/krb5kdc/kdc.conf
        #master_key_type = aes256-cts

Actual algorithm used for it is now aes256-cts-hmac-sha1-96:

$ sudo klist -ke /etc/krb5kdc/stash
Keytab name: FILE:/etc/krb5kdc/stash
KVNO Principal
---- --------------------------------------------------------------------------
   1 K/M@LXD (aes256-cts-hmac-sha1-96)

Jammy verification succeeded.

This bug was fixed in the package krb5 - 1.19.2-2ubuntu0.2

---------------
krb5 (1.19.2-2ubuntu0.2) jammy; urgency=medium

  * d/kdc.conf: Do not specify master key type to avoid weak crypto for
    new realms. Existing realms will not be changed. (LP: #1981697)

 -- Andreas Hasenack <email address hidden> Thu, 06 Apr 2023 19:21:06 -0300

The verification of the Stable Release Update for krb5 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.