Thanks: GSS Server without secret key?

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Nov 7 11:16:44 EST 2003


>The design seems to be asymmetric in that the need to store a secret 
>long-term key at the client has been avoided (the client only needs to 
>store its TGT), but a secret long-term key at the server is still 
>necessary.  I am afraid our customer will complain about this ...

The TGT is really just a convenience to save the user from having to type
in their password all of the time.  You're still storing a secret key
on the client; it's just that the secret key typically lives in the
brain of the user behind the keyboard.

--Ken

