.. _spake:

SPAKE Preauthentication
=======================

SPAKE preauthentication (added in release 1.17) uses public key
cryptography techniques to protect against :ref:`password dictionary
attacks <dictionary>`. Unlike :ref:`PKINIT <pkinit>`, it does not
require any additional infrastructure such as certificates; it simply
needs to be turned on. Using SPAKE preauthentication may modestly
increase the CPU and network load on the KDC.

SPAKE preauthentication can use one of four elliptic curve groups for
its password-authenticated key exchange. The recommended group is
``edwards25519``; three NIST curves (``P-256``, ``P-384``, and
``P-521``) are also supported.

By default, SPAKE with the ``edwards25519`` group is enabled on
clients, but the KDC does not offer SPAKE by default. To turn it on,
set the **spake_preauth_groups** variable in :ref:`libdefaults` to a
list of allowed groups. This variable affects both the client and the
KDC. Simply setting it to ``edwards25519`` is recommended::

    [libdefaults]
        spake_preauth_groups = edwards25519

Set the **+requires_preauth** and **-allow_svr** flags on client
principal entries, as you would for any preauthentication mechanism::

    kadmin: modprinc +requires_preauth -allow_svr PRINCNAME

Clients which do not implement SPAKE preauthentication will fall back
to encrypted timestamp.

An active attacker can force a fallback to encrypted timestamp by
modifying the initial KDC response, defeating the protection against
dictionary attacks. To prevent this fallback on clients which do
implement SPAKE preauthentication, set the
**disable_encrypted_timestamp** variable to ``true`` in the
:ref:`realms` subsection for realms whose KDCs offer SPAKE
preauthentication.

By default, SPAKE preauthentication requires an extra network round
trip to the KDC during initial authentication. If most of the clients
in a realm support SPAKE, this extra round trip can be eliminated
using an optimistic challenge, by setting the
**spake_preauth_kdc_challenge** variable in :ref:`kdcdefaults` to a
single group name::

    [kdcdefaults]
        spake_preauth_kdc_challenge = edwards25519

Using optimistic challenge will cause the KDC to do extra work for
initial authentication requests that do not result in SPAKE
preauthentication, but will save work when SPAKE preauthentication is
used.
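As an added example (not part of the MIT Kerberos documentation or code base), the following Python check parses the krb5.conf fragments shown above and reports a configuration that enables SPAKE but leaves the encrypted timestamp fallback open in some realm; the parser assumes only the simplified krb5.conf grammar used on this page, and the sample configuration is constructed.

```python
# Added example (not MIT Kerberos code): audit a krb5.conf for the SPAKE settings
# recommended above, using the simplified grammar the page shows.
import re

SECTION_RE = re.compile(r"^\[(\w+)\]$")
BLOCK_OPEN_RE = re.compile(r"^([^\s=]+)\s*=\s*\{$")
KV_RE = re.compile(r"^([^\s=]+)\s*=\s*(.+)$")

def parse_krb5_conf(text):
    """Return {section: {key: value or {subkey: value}}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, block = conf.setdefault(m.group(1), {}), None
        elif m := BLOCK_OPEN_RE.match(line):     # e.g. "EXAMPLE.COM = {"
            block = section.setdefault(m.group(1), {})
        elif line == "}":
            block = None
        elif m := KV_RE.match(line):
            (block if block is not None else section)[m.group(1)] = m.group(2)
        else:
            raise ValueError("unparseable line: %r" % raw)
    return conf

def audit_spake(conf):
    """List settings that leave the recommendations above unmet."""
    findings = []
    groups = conf.get("libdefaults", {}).get("spake_preauth_groups", "")
    if "edwards25519" not in re.split(r"[\s,]+", groups):  # whitespace/comma list
        findings.append("libdefaults: spake_preauth_groups does not enable edwards25519")
    for realm, settings in conf.get("realms", {}).items():
        if not isinstance(settings, dict):
            continue
        # Common krb5 boolean spellings; anything else is treated as false.
        if settings.get("disable_encrypted_timestamp", "false").lower() not in ("true", "yes", "on", "1"):
            findings.append(realm + ": fallback to encrypted timestamp still allowed")
    return findings

# Constructed sample: SPAKE enabled, but one realm still permits the downgrade.
SAMPLE_CONF = """[libdefaults]
    spake_preauth_groups = edwards25519
[realms]
    EXAMPLE.COM = {
        disable_encrypted_timestamp = true
    }
    LEGACY.EXAMPLE.COM = {
        kdc = kdc.legacy.example.com   # no disable_encrypted_timestamp here
    }
"""
```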