Security issues with not transferring the password

Sam Hartman hartmans at MIT.EDU
Wed Feb 18 12:32:55 EST 2004


>>>>> "Fredrik" == Fredrik Tolf <fredrik at dolda2000.com> writes:

    Fredrik> The way I've understood it (please correct me if I'm
    Fredrik> wrong), is that the KDC encrypts the TGT with a
    Fredrik> symmetrical cipher (3DES?) using the user's password as
    Fredrik> the key, right? In that case, couldn't a hostile just
    Fredrik> obtain an encrypted TGT and brute-force the password from
    Fredrik> it? 

Yes, you can do this.  There's a reason Kerberos implementations have
password quality checks.

Is this better than something like SRP?  No.  Is it better than
sending the password over the network unencrypted?  Much.

Please see discussions within the Kerberos working group of the IETF
for various extensions to Kerberos to make it harder to attack
passwords.
