Perl question

Tom Yu tlyu at MIT.EDU
Thu Sep 22 13:54:53 EDT 2005


>>>>> "digant" == Digant C Kasundra <digant at uta.edu> writes:

digant> Ah, that work.  I tried to get a ticket for kadmin/changepw
digant> instead of a TGT for the realm.  Thanks for the lead!

Please remember that you need to verify the ticket you get, or else an
attacker could collude with an imposter KDC to log in.  I would hope
that you do not have a key for verifying kadmin/changepw tickets on
your client machines, thus Mike's suggestion for a different principal
with that attribute set.

---Tom


More information about the Kerberos mailing list