MD5 passwords possible with Kerberos?

Sandeep nijsure at cs.unt.edu
Sat Feb 9 11:59:01 EST 2002


Hi all,

I am kinda new to Kerberos, but I have read that one of the biggest
drawbacks of Kerberos is that the passwords need to be stored
cleartext on the master server, a BIG security risk.

Just like Unix passwords are never stored cleartext, but always
hashed, why not do the same thing with Kerberos? Store MD5 passwords
on the master server, and use them for encrypting the TGT. So the
Kerberized login will first compute the MD5 hash, and then decode the
initial TGT.

Is this already done in Kerberos? If yes, what is the version that
supports this?

Thanks a lot
Sandeep
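
The scheme proposed in the message above, as an added sketch that is not part of the original post or of any Kerberos implementation: the server keeps only an MD5-derived key, and the login re-derives it from the typed password to open the reply. The principal-name salt, the `ToyKDC` class, the sample principal and the HMAC-SHA256 stand-in cipher are assumptions of this sketch.

```python
import hashlib, hmac, os

def string_to_key(password: str, principal: str) -> bytes:
    # Proposal from the post: the long-term key is an MD5 hash of the password.
    # Salting with the principal name is an assumption of this sketch.
    return hashlib.md5((principal + password).encode()).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and integrity, both derived from the long-term key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in authenticated cipher (HMAC-SHA256 keystream + tag), not a Kerberos enctype.
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key (wrong password) or tampered reply
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class ToyKDC:
    def __init__(self):
        self.db = {}  # principal -> derived key; the password itself is never stored

    def add_principal(self, principal: str, password: str) -> None:
        self.db[principal] = string_to_key(password, principal)

    def as_reply(self, principal: str) -> bytes:
        # Constructed payload standing in for the session key and TGT.
        return seal(self.db[principal], b"session-key+TGT (constructed)")

def login(principal: str, typed_password: str, reply: bytes):
    # Kerberized login: hash what the user typed, then try to open the reply.
    return unseal(string_to_key(typed_password, principal), reply)
```

Calling `unseal` directly with the key held in `ToyKDC.db` also opens the reply, so the stored hash is as sensitive as the password and the database still has to be protected.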


