Migrating a Kerberos Realm
John Hascall
john at iastate.edu
Thu Nov 2 18:01:19 EST 2006
> On Nov 2, 2006, at 9:03 AM, kerberos-request at mit.edu wrote:
> > On Nov 1, 2006, at 22:04, John Hascall wrote:
> >> If anyone is thinking of going down this road, be aware that
> >> there are some crappy client implementations out there
> >> (* looks in the direction of WebCT Vista and coughs *)
> >> that don't handle a non-default salt correctly...
> > And here I was, thinking it would be a good idea to pick random salt
> > strings on password changes, to make certain attacks more costly....
> The "other" Ken says that part of the client code "isn't well
> exercised". ;-)
> OTOH, it sounds like a fun idea to me. Do the cryptosystem RFCs
> specify the default salt?
In the minds of BlackWebBoardCT, or whatever the h*ll they're
called now, the "default" seems to be whatever behaviour the
Windows Active Directory that they developed against happened
to do one day.
John