SPAKE
Kerberos clients can now use SPAKE to strengthen their handshake with a FreeIPA KDC based on elliptic curve cryptography. See IETF draft draft-ietf-kitten-krb-spake-preauth-05 (2018) and relevant portions of krb5.conf(5) and kdc.conf(5) for details. SPAKE is enabled for new IPA servers and clients by default.
Related terms
- Password authenticated key exchange (PAKE)
- wikipedia:Password-authenticated key agreement
See also
Advertising: