Thanks: GSS Server without secret key?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Nov 7 11:16:44 EST 2003
>The design seems to be asymmetric in that the need to store a secret
>long-term key at the client has been avoided (the client only needs to
>store its TGT), but a secret long-term key at the server is still
>necessary. I am afraid our customer will complain about this ...
The TGT is really just a convenience to save the user from having to type
in their password all of the time. You're still storing a secret key
on the client; it's just that the secret key typically lives in the
brain of the user behind the keyboard.
--Ken
More information about the Kerberos
mailing list