OpenAFS is Migrating Away From Single DES; kaserver is Deprecated

AFS version 3 was designed and implemented during the late 80s and early 90s when the state of the art in distributed computer authentication and data security was Kerberos 4 and single DES. The RXKAD security class was specified to use a single DES key and the kauth authentication protocol is a derivative of MIT's Kerberos 4 protocol.

For the better part of the last decade there has been concern regarding the cryptographic strength of the DES cipher when used as a building block within systems intended to prove authentication and/or data integrity and privacy. Kerberos 4 and RXKAD are not extensible and cannot negotiate non-DES key types. As a result efforts to migrate away from Kerberos 4 based authentication at higher risk organizations have been underway since the mid to late 90s. Ken Hornstein issued the first of his Kerberos 5 migration kits for AFS in May 1999.

In March 2003, the continued use of single DES and kauth as the basis for OpenAFS security became a real-world threat when a significant Kerberos 4 crossrealm vulnerability was published. The OpenAFS community was notified in security advisory OPENAFS-SA-2003-001 which can be found at http://www.openafs.org/security.

As a result of the mounting concerns regarding the strength of DES, NIST announced in May 2003 the withdrawal of FIPS 43-3 "Data Encryption Standard (DES)" as well as the associated FIPS 74 and FIPS 81. In other words, NIST announced that DES and its derivatives could no longer be used by the United States Government and should no longer by those that trust its lead.

In July 2003 MIT announced the end of life of the Kerberos 4 protocol which is distributed for backward compatibility as part of the MIT Kerberos 5 distribution. A copy of that announcement can be found at http://web.mit.edu/kerberos/krb4-end-of-life.html.

Since then the OpenAFS gatekeepers and the development community have continued to strengthen the support for Kerberos 5. By 1.2.11 protocol support for the use of Kerberos 5 tickets within the rxkad security class was complete for all of the Kerberos 5 DES enctypes. As part of the OpenAFS 1.4 series integrated support for aklog and asetkey as well as support for the large Kerberos 5 tickets generated by Microsoft's Active Directory were added.

With the release of 1.4, OpenAFS can be used with Kerberos 5 KDCs without any externally supported packages other than the Kerberos 5 library. Either MIT or Heimdal Kerberos 5 libraries can be used to build the support tools. For the KDC, you can use any Kerberos 5 KDC implementation (MIT, Heimdal, Microsoft Active Directory, ...)

The 2004, 2005, and 2006 workshops contained presentations from various organizations on how to migrate your cell to Kerberos 5 or install a new cell using Kerberos 5 in place of kaserver. The 2005 and 2006 workshops had one day tutorials on Kerberos 5 installation, configuration, and administration.

With this historical foundation in place, the OpenAFS Elders are officially announcing the deprecation of kaserver and endorsing the following roadmap for transitioning from single DES to stronger ciphers:

If a significant security hole is identified in either kaserver or DES prior to its removal from the OpenAFS source tree, the OpenAFS Elders reserve the right to accelerate this time table.

Signed, the OpenAFS Elders.