AD keytabs for unix host

Sam Hartman hartmans at MIT.EDU
Tue May 25 09:01:13 EDT 2004


Without a keytab, your host cannot verify that the user who logged in
is who they claim to be.  A spoofed KDC and the user can cooperate to
make kinit work.  Some configurations--particularly public
workstations with no private data on the workstation--can successfully
run in this configuration.  So, PAM modules may work without a keytab,
but in that configuration they are vulnerable to additional security
attacks.
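
The verification gap described in the message above, as an added Python model (not part of the original post and not MIT Kerberos code). HMAC-sealed JSON stands in for Kerberos encryption, and the principal names, keys and the `login` function are constructed for illustration.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    # Stand-in for Kerberos encryption: JSON payload plus an HMAC tag.
    data = json.dumps(obj, sort_keys=True).encode()
    return data + hmac.new(key, data, hashlib.sha256).digest()

def unseal(key, blob):
    data, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()):
        raise ValueError("sealed with a different key")
    return json.loads(data)

class KDC:
    def __init__(self, keys):
        self.keys = keys  # principal -> long-term key this KDC holds
    def as_reply(self, user):
        # Only proves the KDC and the user share the user's key.
        return seal(self.keys[user], {"client": user})
    def host_ticket(self, user, host):
        # Service ticket sealed under the host's long-term key.
        return seal(self.keys[host], {"client": user, "service": host})

def login(kdc, user, user_key, host, keytab_key=None):
    """Model of a PAM-style Kerberos login on the host."""
    try:
        unseal(user_key, kdc.as_reply(user))  # the kinit step
    except ValueError:
        return "rejected: kinit failed"
    if keytab_key is None:
        return "accepted: KDC never verified"
    try:
        ticket = unseal(keytab_key, kdc.host_ticket(user, host))
    except ValueError:
        return "rejected: KDC does not hold the host key"
    ok = ticket == {"client": user, "service": host}
    return "accepted: KDC verified" if ok else "rejected: wrong ticket"

# Constructed sample principals and keys.
HOST, USER = "host/ws1.example.com", "alice"
host_key, alice_key, chosen_key = (os.urandom(32) for _ in range(3))
real_kdc = KDC({USER: alice_key, HOST: host_key})
# Spoofed KDC: knows a key its cooperating user picked, not the host key.
spoofed_kdc = KDC({USER: chosen_key, HOST: os.urandom(32)})

def outcomes():
    return [login(spoofed_kdc, USER, chosen_key, HOST),
            login(spoofed_kdc, USER, chosen_key, HOST, host_key),
            login(real_kdc, USER, alice_key, HOST, host_key)]
```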


