GSS Server without secret key?
Mike Friedman
mikef at ack.Berkeley.EDU
Thu Nov 6 23:43:04 EST 2003
Oliver Schoett <os at sdm.de> wrote in message news:<3FAA2DAF.7010904 at sdm.de>...
>
> Why is it that the server needs a key, when in principle, a ticket
> should be enough to prove one's identity? Is there a way to avoid the
> key management problem for servers?
Oliver,
In short, and a little over-simplified:
When the client presents a ticket to the server, how does the server know
it was issued by a trustworthy Kerberos KDC? Because the ticket contains
a payload encrypted in the server's secret key, registered in that same KDC
(and known by no one but that KDC and the server itself).
Mike
------------------------------------------------------------------------------
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
------------------------------------------------------------------------------
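
The point of the reply above, as an added Python sketch that is not part of the original message and not code from any Kerberos implementation: a server accepts a ticket only if it verifies under the long-term key the server shares with its KDC. The toy cipher, the `KDC` class, the principal `host/srv.example` and the client names are constructed for illustration; real Kerberos uses standard encryption types and also checks authenticators and timestamps, which are omitted here.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy stream cipher (SHA-256 in counter mode); a stand-in for a real enctype.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC under the service's long-term key (one key for both: toy only).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # not produced by anyone holding this key
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    """Hypothetical KDC: knows every registered service's secret key."""
    def __init__(self):
        self.service_keys = {}
    def register(self, service):
        self.service_keys[service] = os.urandom(32)
        return self.service_keys[service]  # the copy that goes in the server's keytab
    def issue_ticket(self, client, service):
        body = {"client": client, "service": service,
                "session_key": os.urandom(32).hex()}
        return seal(self.service_keys[service], json.dumps(body).encode())

def server_accept(keytab_key, service, ticket):
    # The server's only evidence that a trusted KDC issued the ticket is the key.
    body = unseal(keytab_key, ticket)
    if body is None:
        return None
    fields = json.loads(body)
    return fields["client"] if fields["service"] == service else None

def demo():
    svc = "host/srv.example"                    # constructed principal name
    real, rogue = KDC(), KDC()
    keytab = real.register(svc)
    rogue.register(svc)                         # rogue KDC has to invent its own key
    good = real.issue_ticket("alice", svc)
    forged = rogue.issue_ticket("admin", svc)
    tampered = good[:20] + bytes([good[20] ^ 1]) + good[21:]
    return tuple(server_accept(keytab, svc, t) for t in (good, forged, tampered))
```

A server with no key would have nothing to run `unseal` with, so it could not tell the genuine ticket from the other two.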