Thanks: GSS Server without secret key?

[Tim Alsop]

Oliver,

The design seems to be asymmetric in that the need to store a secret long-term key at the client has been avoided (the client only needs to store its TGT), but a secret long-term key at the server is still necessary.  I am afraid our customer will complain about this ...

This is not the case if you use user-to-user GSS since the server uses a secret derived from a userid/password logon. Please read my earlier reply on this subject.

Tim.