kerberos question?
Jeffrey Altman
jaltman2 at nyc.rr.com
Mon May 2 08:51:47 EDT 2005
ali.mohammadi62 at gmail.com wrote:
> Please tell me how Kerberos solves the problem below.
> If one knows your userID and sends it to the Authentication Server of
> Kerberos and receives the TGS ticket,
> he can break the encryption off-line and capture the private key of
> that user.
>
To prevent this you should require pre-authentication on your
principals. This way the client must prove to the KDC that it
knows the password or has possession of the necessary credentials
before she can obtain a TGT.
Jeffrey Altman
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
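
An added example, not part of the original message: a Python check that reads MIT kadmin `getprinc`-style output and lists the principals that do not carry the REQUIRES_PRE_AUTH attribute, which are the ones the reply says should have pre-authentication required. The sample output, realm and principal names are constructed, and the field layout is assumed to match what your KDC's kadmin prints.

```python
# Constructed sample: output in the style of MIT kadmin "getprinc" for three
# principals, trimmed to the fields this check reads.
SAMPLE = """\
Principal: alice@EXAMPLE.COM
Expiration date: [never]
Attributes: REQUIRES_PRE_AUTH
Policy: [none]
Principal: bob@EXAMPLE.COM
Expiration date: [never]
Attributes:
Policy: [none]
Principal: host/web1.example.com@EXAMPLE.COM
Expiration date: [never]
Attributes: DISALLOW_SVR
Policy: [none]
"""


def parse_principals(text):
    """Return {principal: set(attribute names)} from getprinc-style output."""
    result = {}
    current = None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Field: value" line
        key, value = key.strip(), value.strip()
        if key == "Principal":
            current = value
            result[current] = set()
        elif key == "Attributes" and current is not None:
            # An empty Attributes line means no flags are set.
            result[current].update(value.split())
    return result


def missing_preauth(text):
    """Principals the KDC would issue a TGT for without pre-authentication."""
    principals = parse_principals(text)
    return sorted(p for p, attrs in principals.items()
                  if "REQUIRES_PRE_AUTH" not in attrs)


if __name__ == "__main__":
    for name in missing_preauth(SAMPLE):
        # kadmin command that sets the flag on an existing principal.
        print(f"modprinc +requires_preauth {name}")
```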