| Subject: | kadmin change_password -keepold does not work with master key migration |
During master key migration, if a principal is re-keyed, the currently
active mkvno is used to encrypt the new keys and the principal's
KRB5_TL_MKVNO is updated to reflect that (unless #7994 applies).
However, if the -keepold flag is used, the principal's key data can
contain a mix of keys encrypted in the old and new master keys.
Steps to reproduce:
1. make testrealm
2. kdb5_util add_mkey -s (enter a new master password twice)
3. kdb5_util use_mkey 2
4. kadmin.local -q 'cpw -keepold -pw pw user'
Now user has a mix of keys encrypted in the old and new master key. It
is hard to immediately see that anything is wrong, because the KDC can
still decrypt the old keys (it iterates over the master key list rather
than respecting the principal's mkvno metadata). Here are two paths
which can demonstrate problems:
5. kdb5_util purge_mkeys -f
6. kadmin.local -q 'xst -norandkey user' (reports "Decrypt integrity
check failed while changing user's key")
This fails because the old master key is gone, so the kvno 1 keys cannot
be decrypted. As a side point, the error message is misleading because
xst -norandkey isn't trying to change the user's key. Alternatively:
5. kdb5_util update_princ_encryption -f (does not update user because it
already lists mkvno 2 in its metadata)
6. kdb5_util add_mkey -s (enter a different new master password twice)
7. kdb5_util update_princ_encryption -f (reports "Decrypt integrity
check failed" on the user principal)
This fails because update_princ_encryption tries to specifically decrypt
key data in the principal's listed master key version, unlike the KDC.
active mkvno is used to encrypt the new keys and the principal's
KRB5_TL_MKVNO is updated to reflect that (unless #7994 applies).
However, if the -keepold flag is used, the principal's key data can
contain a mix of keys encrypted in the old and new master keys.
Steps to reproduce:
1. make testrealm
2. kdb5_util add_mkey -s (enter a new master password twice)
3. kdb5_util use_mkey 2
4. kadmin.local -q 'cpw -keepold -pw pw user'
Now user has a mix of keys encrypted in the old and new master key. It
is hard to immediately see that anything is wrong, because the KDC can
still decrypt the old keys (it iterates over the master key list rather
than respecting the principal's mkvno metadata). Here are two paths
which can demonstrate problems:
5. kdb5_util purge_mkeys -f
6. kadmin.local -q 'xst -norandkey user' (reports "Decrypt integrity
check failed while changing user's key")
This fails because the old master key is gone, so the kvno 1 keys cannot
be decrypted. As a side point, the error message is misleading because
xst -norandkey isn't trying to change the user's key. Alternatively:
5. kdb5_util update_princ_encryption -f (does not update user because it
already lists mkvno 2 in its metadata)
6. kdb5_util add_mkey -s (enter a different new master password twice)
7. kdb5_util update_princ_encryption -f (reports "Decrypt integrity
check failed" on the user principal)
This fails because update_princ_encryption tries to specifically decrypt
key data in the principal's listed master key version, unlike the KDC.