KDC name/password database.

Josh Huber huber at alum.wpi.edu
Tue Dec 3 16:48:07 EST 2002

"Clint Chaplin" <cchaplin at sj.symbol.com> writes:

> How is the KDC user name/password protected?  I understand that the
> KDC encrypts it, which implies that the KDC must have the decryption
> key.  But, of cource, the KDC must persist this decryption key across
> reboots.  So, this key must be persisted in a file someplace.
> If this is all true, then that implies that anybody having root
> could obtain the decryption key, and decrypt the KDC user
> name/password database.  Or have I missed something?

That's correct.  Typically, the password to the kdc database is stored
on the kdc in a stash file. (specified in kdc.conf as

Josh Huber

More information about the Kerberos mailing list