draft-ietf-cat-kerb-chg-password-02.txt
Network Working Group                                        M. Horowitz
                                                         Stonecast, Inc.
Internet-Draft                                              August, 1998


                   Kerberos Change Password Protocol

Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
   Directories on ftp.ietf.org (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

   Distribution of this memo is unlimited.  Please send comments to the
   mailing list.

Abstract

   The Kerberos V5 protocol [RFC1510] does not describe any mechanism
   for users to change their own passwords.  In order to promote
   interoperability between workstations, personal computers, terminal
   servers, routers, and KDCs from multiple vendors, a common password
   changing protocol is required.

Overview

   When a user wishes to change his own password, or is required to by
   local policy, a simple request of a password changing service is
   necessary.  This service must be implemented on at least one host for
   each Kerberos realm, probably on one of the KDCs for that realm.
   The service must accept requests on UDP port 464 (kpasswd), and may
   accept requests on TCP port 464 as well.
   The protocol itself consists of a single request message followed by
   a single reply message.  For UDP transport, each message must be
   fully contained in a single UDP packet.

Request Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        message length         |    protocol version number    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         AP-REQ length         |         AP-REQ data           /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                       KRB-PRIV message                        /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   message length (16 bits)
      Contains the length of the message, including this field, in bytes
      (big-endian integer).
   protocol version number (16 bits)
      Contains the hex constant 0x0001 (big-endian integer).
   AP-REQ length (16 bits)
      Length (big-endian integer) of AP-REQ data, in bytes.
   AP-REQ data, as described in RFC1510 (variable length)
      This AP-REQ must be for the service principal
      kadmin/changepw@REALM, where REALM is the REALM of the user who
      wishes to change his password.  The Ticket in the AP-REQ must be
      derived from an AS request (thus having the INITIAL flag set), and
      must include a subkey in the Authenticator.
   KRB-PRIV message, as described in RFC1510 (variable length)
      This KRB-PRIV message must be generated using the subkey in the
      Authenticator in the AP-REQ data.  The user-data component of the
      message must consist of the user's new password.

   The server must verify the AP-REQ message, decrypt the new password,
   perform any local policy checks (such as password quality, history,
   authorization, etc.) required, then set the password to the new value
   specified.

   The principal whose password is to be changed is the principal which
   authenticated to the password changing service.
   This protocol does not address administrators who want to change
   passwords of principals other than their own.

Reply Message

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        message length         |    protocol version number    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         AP-REP length         |         AP-REP data           /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   /                 KRB-PRIV or KRB-ERROR message                 /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   message length (16 bits)
      Contains the length of the message, including this field, in bytes
      (big-endian integer).
   protocol version number (16 bits)
      Contains the hex constant 0x0001 (big-endian integer).
   AP-REP length (16 bits)
      Length of AP-REP data, in bytes.  If the length is zero, then the
      last field will contain a KRB-ERROR message instead of a KRB-PRIV
      message.
   AP-REP data, as described in RFC1510 (variable length)
      The AP-REP corresponding to the AP-REQ in the request packet.
   KRB-PRIV or KRB-ERROR message, as described in RFC1510 (variable
   length)
      If the AP-REP length is zero, then this field contains a KRB-ERROR
      message.  Otherwise, it contains a KRB-PRIV message.  This
      KRB-PRIV message must be generated using the subkey in the
      Authenticator in the AP-REQ data.

   The user-data component of the KRB-PRIV message, or e-data
   component of the KRB-ERROR message, must consist of the following
   data:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          result code          |         result string         /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   result code (16 bits)
      The result code must have one of the following values (big-endian
      integer):
         0x0000 if the request succeeds.
                (This value is not permitted in a KRB-ERROR message.)
         0x0001 if the request fails due to being malformed.
         0x0002 if the request fails due to a "hard" error processing
                the request (for example, there is a resource or other
                problem causing the request to fail).
         0x0003 if the request fails due to an error in authentication
                processing.
         0x0004 if the request fails due to a "soft" error processing
                the request (for example, some policy or other similar
                consideration is causing the request to be rejected).
         0xFFFF if the request fails for some other reason.
      Although only a few non-zero result codes are specified here,
      the client should accept any non-zero result code as indicating
      failure.
   result string (variable length)
      This field should contain information which the server thinks
      might be useful to the user, such as feedback about policy
      failures.  The string must be encoded in UTF-8.  It may be
      omitted if the server does not wish to include it.  If it is
      present, the client should display the string to the user.
      This field is analogous to the string which follows the numeric
      code in SMTP, FTP, and similar protocols.

Dropped and Modified Messages

   An attacker (or simply a lossy network) could cause either the
   request or reply to be dropped, or modified by substituting a
   KRB-ERROR message in the reply.

   If a request is dropped, no modification of the password/key database
   will take place.  If a reply is dropped, the server will (assuming a
   valid request) make the password change.  However, the client cannot
   distinguish between these two cases.

   In this situation, the client should construct a new authenticator,
   re-encrypt the request, and retransmit.  If the original request was
   lost, the server will treat this as a valid request, and the password
   will be changed normally.
   If the reply was lost, then the server should take care to notice
   that the request was a duplicate of the prior request, because the
   "new" password is the current password, and the password change time
   is within some implementation-defined replay time window.  The server
   should then return a success reply (an AP-REP message with result
   code == 0x0000) without actually changing the password or any other
   information (such as modification timestamps).

   If a success reply was replaced with an error reply, then the
   application performing the request would return an error to the user.
   In this state, the user's password has been changed, but the user
   believes that it has not.  If the user attempts to change the
   password again, this will probably fail, because the user cannot
   successfully provide the old password to get an INITIAL ticket to
   make the request.  This situation requires administrative
   intervention as if a password was lost.  This situation is,
   unfortunately, impossible to prevent.

Security Considerations

   This document deals with changing passwords for Kerberos.  Because
   Kerberos is used for authentication and key distribution, it is
   important that this protocol use the highest level of security
   services available to a particular installation.  Mutual
   authentication is performed, so that the server knows the request is
   valid, and the client knows that the request has been received and
   processed by the server.

   There are also security issues relating to dropped or modified
   messages which are addressed explicitly.

References

   [RFC1510]  Kohl, J. and Neuman, C., "The Kerberos Network
              Authentication Service (V5)", RFC 1510, September 1993.

Author's Address

   Marc Horowitz
   Stonecast, Inc.
   108 Stow Road
   Harvard, MA 01451

   Phone: +1 978 456 9103
   Email: marc@stonecast.net
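Worked example of the request and reply framing described in the Request Message and Reply Message sections above (added here; it is not part of the draft or of any Kerberos implementation). It assumes the AP-REQ/AP-REP and KRB-PRIV/KRB-ERROR bodies are opaque byte strings already produced or consumed by a Kerberos library, so only the 16-bit length, version and AP-length header, the zero-length-AP-REP error case, and the result code with its UTF-8 result string are handled; the function names are chosen for this example.

```python
"""Wire framing for the Kerberos change-password protocol, version 0x0001.
Constructed example: AP-REQ/AP-REP and KRB-PRIV/KRB-ERROR bodies are opaque
RFC 1510 DER blobs, represented by placeholder bytes when exercised."""
import struct

KPASSWD_VERSION = 0x0001
HEADER = struct.Struct(">HHH")  # message length, version, AP length (big-endian)
RESULT_SUCCESS, RESULT_MALFORMED, RESULT_HARDERROR = 0x0000, 0x0001, 0x0002
RESULT_AUTHERROR, RESULT_SOFTERROR, RESULT_OTHER = 0x0003, 0x0004, 0xFFFF


def build_frame(ap_data: bytes, trailer: bytes) -> bytes:
    """Frame a request (AP-REQ + KRB-PRIV) or a reply (AP-REP + KRB-PRIV or
    KRB-ERROR). The length field counts the whole message, itself included."""
    total = HEADER.size + len(ap_data) + len(trailer)
    if total > 0xFFFF:
        raise ValueError("message does not fit a 16-bit length field")
    return HEADER.pack(total, KPASSWD_VERSION, len(ap_data)) + ap_data + trailer


def parse_frame(msg: bytes) -> tuple[bytes, bytes]:
    """Split a message into (AP data, trailer), rejecting bad length or version.
    Empty AP data in a reply means the trailer is a KRB-ERROR, not a KRB-PRIV."""
    if len(msg) < HEADER.size:
        raise ValueError("message shorter than the fixed header")
    total, version, ap_len = HEADER.unpack_from(msg)
    if total != len(msg):
        raise ValueError("length field does not match message size")
    if version != KPASSWD_VERSION:
        raise ValueError(f"unsupported protocol version {version:#06x}")
    end = HEADER.size + ap_len
    if end > len(msg):
        raise ValueError("AP length runs past the end of the message")
    return msg[HEADER.size:end], msg[end:]


def build_result(code: int, text: str = "") -> bytes:
    """Result code followed by the optional UTF-8 result string."""
    return struct.pack(">H", code) + text.encode("utf-8")


def parse_result(data: bytes, in_krb_error: bool) -> tuple[int, str]:
    """Decode KRB-PRIV user-data or KRB-ERROR e-data into (code, text).
    Only 0x0000 is success; the client treats any other code as failure."""
    if len(data) < 2:
        raise ValueError("result code missing")
    code = struct.unpack_from(">H", data)[0]
    if in_krb_error and code == RESULT_SUCCESS:
        raise ValueError("0x0000 is not permitted in a KRB-ERROR")
    return code, data[2:].decode("utf-8")  # strict decoding: invalid UTF-8 raises
```

A server that rejects the frame in `parse_frame` can answer with a KRB-ERROR carrying 0x0001 (malformed) before doing any AP-REQ processing, and a client that checks the length and version first never hands a truncated datagram to its KRB-PRIV decryption.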