KDC name/password database.
Clint Chaplin
cchaplin at sj.symbol.com
Tue Dec 3 14:39:57 EST 2002
How is the KDC user name/password protected? I understand that the KDC encrypts it, which implies that the KDC must have the decryption key. But, of cource, the KDC must persist this decryption key across reboots. So, this key must be persisted in a file someplace.
If this is all true, then that implies that anybody having root could obtain the decryption key, and decrypt the KDC user name/password database. Or have I missed something?
Clint (JOATMON) Chaplin
More information about the Kerberos
mailing list