AD keytabs for unix host
Sam Hartman
hartmans at MIT.EDU
Tue May 25 09:01:13 EDT 2004
Without a keytab, your host cannot verify that the user who logged in
is who they claim to be. A spoofed KDC and the user can cooperate to
make kinit work. Some configurations--particularly public
workstations with no private data on the workstation--can successfully
run in this configuration. So, PAM modules may work without a keytab,
but in that configuration they are vulnerable to additional security
attacks.
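
The difference between the two configurations, as an added example that is not part of the original post: a toy Python model of a login with and without a host keytab. HMAC tags stand in for Kerberos encryption, and every name and key here (`HOST`, `alice`, the `KDC` class) is constructed for illustration; nothing in it talks to a real KDC.

```python
import hashlib, hmac, os

def seal(key: bytes, payload: bytes) -> bytes:
    """Toy stand-in for Kerberos encryption: HMAC tag under key, then payload."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def unseal(key: bytes, blob: bytes):
    """Return the payload if the tag verifies under key, otherwise None."""
    tag, payload = blob[:32], blob[32:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

class KDC:
    """Hypothetical KDC model: replies are sealed under the long-term keys it knows."""
    def __init__(self, keys: dict):
        self.keys = keys
    def reply(self, principal: str, payload: bytes) -> bytes:
        # For a principal it has no key for, it can only guess a key.
        return seal(self.keys.get(principal, os.urandom(32)), payload)

def login(kdc, user, password_key, host_principal, keytab_key=None):
    """Model of a PAM-style login; keytab_key=None means the host has no keytab."""
    # Step 1 (what kinit does): the reply must open with the key from the password.
    if unseal(password_key, kdc.reply(user, b"tgt")) is None:
        return "reject: wrong password"
    if keytab_key is None:
        return "accept (KDC unverified)"   # nothing proves the KDC was genuine
    # Step 2 (needs the keytab): a ticket for the host principal must open with
    # the host's own key, which only the real KDC shares with the host.
    if unseal(keytab_key, kdc.reply(host_principal, b"ticket")) is None:
        return "reject: KDC does not know the host key"
    return "accept (KDC verified)"

# Constructed sample data: random keys and made-up principal names.
HOST = "host/ws1.example.com"
K_USER, K_HOST, K_CHOSEN = os.urandom(32), os.urandom(32), os.urandom(32)
REAL_KDC = KDC({"alice": K_USER, HOST: K_HOST})
SPOOFED_KDC = KDC({"alice": K_CHOSEN})   # knows a password it made up, not K_HOST

if __name__ == "__main__":
    print(login(REAL_KDC, "alice", K_USER, HOST, K_HOST))
    print(login(SPOOFED_KDC, "alice", K_CHOSEN, HOST))           # no keytab
    print(login(SPOOFED_KDC, "alice", K_CHOSEN, HOST, K_HOST))   # with keytab
```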