KDC name/password database.

Clint Chaplin cchaplin at sj.symbol.com
Tue Dec 3 14:39:57 EST 2002

How is the KDC user name/password protected?  I understand that the KDC encrypts it, which implies that the KDC must have the decryption key.  But, of cource, the KDC must persist this decryption key across reboots.  So, this key must be persisted in a file someplace.

If this is all true, then that implies that anybody having root could obtain the decryption key, and decrypt the KDC user name/password database.  Or have I missed something?

Clint (JOATMON) Chaplin

More information about the Kerberos mailing list