Adding principal from client. Is the password exposed ?

Thorsten Haude yooden at gmx.net
Thu Aug 12 12:44:31 EDT 2010


Hi,

> I am trying to add the principals from the kerberos kadmin client using
> addprinc command. How does the "password" is communicated to KDC from the
> client. I tried iptrace and found that there is no "plain text"  password
> which is being send. So, what encryption is being used and how is it
> decrypted on KDC ?

The way I understand it, not at all. The KDC already knows the password and uses it to encrypt the response. The password is then used to decrpyt the response locally.

I'm new to Kerberos, wait for another reply to be sure.

-- 
Cheers,
Thorsten
-- 
Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!  
Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail



More information about the Kerberos mailing list