GSS Server without secret key?

Mike Friedman mikef at ack.Berkeley.EDU
Thu Nov 6 23:43:04 EST 2003


Oliver Schoett <os at sdm.de> wrote in message news:<3FAA2DAF.7010904 at sdm.de>...
> 
> Why is it that the server needs a key, when in principle, a ticket
> should be enough to prove one's identity?  Is there a way to avoid the
> key management problem for servers?

Oliver,

In short, and a little over-simplified:  

When the client presents a ticket to the server, how does the server know
it was issued by a trustworthy Kerberos KDC?  Because the ticket contains
a payload encrypted in the server's secret key, registered in that same KDC
(and known by no one but that KDC and the server itself).

Mike

------------------------------------------------------------------------------
Mike Friedman                             System and Network Security
mikef at ack.Berkeley.EDU                    2484 Shattuck Avenue
1-510-642-1410                            University of California at Berkeley
http://ack.Berkeley.EDU/~mikef            http://security.berkeley.edu
------------------------------------------------------------------------------
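
An added illustration of the point made in the reply above (not part of the original message, and not real Kerberos code): a toy KDC seals a ticket under the server's long-term key, so the server accepts only tickets made by a party that holds that key. The principal names, the function names, and the HMAC-SHA256-based stand-in cipher are assumptions made for this example.

```python
# Toy model of a service ticket (added example, not real Kerberos).
# Stand-in cipher (assumption): HMAC-SHA256 keystream plus an HMAC tag.
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ticket too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("not sealed with this service key")
    return _xor(ct, _keystream(key, nonce, len(ct)))

def kdc_issue_ticket(service_key, client, service):
    """KDC side: it holds the service's registered key and seals the ticket with it."""
    session_key = os.urandom(16)
    body = {"client": client, "service": service, "session_key": session_key.hex()}
    return seal(service_key, json.dumps(body).encode()), session_key

def server_accept(service_key, ticket):
    """Server side: returns the ticket contents, or None if the ticket is not genuine."""
    try:
        return json.loads(unseal(service_key, ticket))
    except ValueError:
        return None

if __name__ == "__main__":
    key = os.urandom(32)  # constructed: the key shared by the KDC and the server
    real, _ = kdc_issue_ticket(key, "alice@EXAMPLE.ORG", "host/srv.example.org")
    fake, _ = kdc_issue_ticket(os.urandom(32), "root@EXAMPLE.ORG", "host/srv.example.org")
    print("KDC-issued ticket:", server_accept(key, real))
    print("ticket from a party without the key:", server_accept(key, fake))
```

A server holding no key has nothing to run `unseal` with, so both tickets above would look equally plausible to it.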

