keytab vs database
Luke Howard
lukeh at PADL.COM
Tue Aug 17 08:34:07 EDT 2004
>I have a basic question about kerberos concept.
>As I browsed through MIT source code to better
>understand how kerberos works, I noticed that in
>processing the tgs request, the ticket is always
>decrypted using server's key retrieved from keytab. If
>the server is a TGS service (krbtgt) or
>kadmin/changepw which are part of a KDC (am I right to
>say this ?), is it okay to retrieve the key from the
>database instead of from the keytab ?
Yes, and I believe this is what Heimdal does. Not sure about MIT.
-- Luke
More information about the Kerberos
mailing list