KDC name/password database.
Josh Huber
huber at alum.wpi.edu
Tue Dec 3 16:48:07 EST 2002
"Clint Chaplin" <cchaplin at sj.symbol.com> writes:
> How is the KDC user name/password protected? I understand that the
> KDC encrypts it, which implies that the KDC must have the decryption
> key. But, of course, the KDC must persist this decryption key across
> reboots. So, this key must be persisted in a file someplace.
>
> If this is all true, then that implies that anybody having root
> could obtain the decryption key, and decrypt the KDC user
> name/password database. Or have I missed something?
That's correct. Typically, the password to the kdc database is stored
on the kdc in a stash file. (specified in kdc.conf as
key_stash_file=<filename>)
--
Josh Huber
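
Added example (not part of the original message and not code from the Kerberos distribution): because anyone who can read the stash file can decrypt the database, a defender can check that each key_stash_file named in kdc.conf is owned by the expected account and closed to group and other. The sample configuration, realm name and paths are constructed, and the function names are hypothetical.

```python
import os
import re
import stat
import sys

# Constructed sample; the realm name and path are placeholders.
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.COM = {
        # key_stash_file = /old/location/ignored
        key_stash_file = /var/krb5kdc/.k5.EXAMPLE.COM
    }
"""

STASH_RE = re.compile(r"^\s*key_stash_file\s*=\s*(\S+)", re.MULTILINE)

def stash_files(conf_text):
    """Return every key_stash_file path set in kdc.conf text, skipping comments."""
    live = [l for l in conf_text.splitlines()
            if not l.lstrip().startswith(("#", ";"))]
    return STASH_RE.findall("\n".join(live))

def audit_stash(path, expected_uid=0):
    """Return findings for one stash file; an empty list means it passed."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; audit the target instead"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other access, mode {stat.S_IMODE(st.st_mode):04o}")
    return findings

if __name__ == "__main__":
    # Usage: python3 audit_stash.py /path/to/kdc.conf
    with open(sys.argv[1]) as fh:
        for p in stash_files(fh.read()):
            print(p, audit_stash(p) or "OK")
```

A clean result only narrows who can read the key; root on the KDC host can still read it, as the reply above confirms.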