key salting and kerberos v5
Tom Yu
tlyu at MIT.EDU
Mon Apr 28 01:47:54 EDT 2003
>>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:
Sam> It is. Kadmin should really say default salt not no salt. That's
Sam> what it actually means.
Sam> It says no salt because there is no salt tuple associated with the key
Sam> entry. When no such tuple exists, then the default salt is used.
Further confusing matters, the MIT KDC doesn't distinguish between a
key having the default salt and a key having no associated password
(e.g. a service principal's random key). In the latter case, "no
salt" actually makes some amount of sense, though it's more accurately
"no user-typable password". For both cases, though, the KDC stores no
salt data in the record for the key in question.
---Tom
More information about the Kerberos
mailing list