kerberos question?

Jeffrey Altman jaltman2 at nyc.rr.com
Mon May 2 08:51:47 EDT 2005


ali.mohammadi62 at gmail.com wrote:

> Please tell me how Kerberos solves the problem below?
> If one knows your userID and sends it to the Authentication Server of
> Kerberos and receives the TGS ticket,
> he can break the encryption off-line and capture the private key of
> that user.
> 

To prevent this you should require pre-authentication on your
principals.  This way the client must prove to the KDC that it
knows the password or has possession of the necessary credentials
before it can obtain a TGT.

Jeffrey Altman

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
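
The check described in the reply above, as an added example that is not part of the original message or of any Kerberos implementation: a toy KDC that refuses to emit key-protected material until the client proves knowledge of the key. Assumptions: PBKDF2 and HMAC stand in for the real string-to-key and PA-ENC-TIMESTAMP encryption, and the class, function and principal names are hypothetical.

```python
import hashlib
import hmac
import os
import time

SKEW = 300  # seconds; the customary Kerberos clock-skew window


def derive_key(password, salt):
    # Stand-in for Kerberos string-to-key (assumption: not a real enctype).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def make_preauth(key, now):
    # Stand-in for PA-ENC-TIMESTAMP: a real client encrypts the timestamp;
    # here an HMAC tag over it serves as the proof that the key is known.
    ts = int(now)
    return ts, hmac.new(key, str(ts).encode(), hashlib.sha256).digest()


class ToyKDC:
    def __init__(self):
        self.db = {}  # principal -> (long-term key, requires_preauth)

    def add_principal(self, name, password, requires_preauth):
        # Assumption: the principal name doubles as the salt.
        self.db[name] = (derive_key(password, name), requires_preauth)

    def as_req(self, name, preauth=None, now=None):
        now = time.time() if now is None else now
        key, required = self.db[name]
        if required:
            if preauth is None:
                # Nothing derived from the user's key leaves the KDC here.
                return ("KDC_ERR_PREAUTH_REQUIRED", None)
            ts, tag = preauth
            expected = hmac.new(key, str(ts).encode(), hashlib.sha256).digest()
            fresh = abs(now - ts) <= SKEW  # rejects replayed, stale proofs
            if not (hmac.compare_digest(tag, expected) and fresh):
                return ("KDC_ERR_PREAUTH_FAILED", None)
        # Placeholder for the AS-REP part protected by the user's key.
        # Without the flag, any requester who names the principal gets it.
        session_key = os.urandom(16)
        return ("AS_REP", hmac.new(key, session_key, hashlib.sha256).digest())
```

With the flag set, an anonymous request yields only an error, so the requester receives no data tied to the user's password to work on off-line.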

