Adding principal from client. Is the password exposed ?
Use Nas
usenas at gmail.com
Fri Aug 13 04:03:14 EDT 2010
Thanks Greg. Does GSSRPC use any open encryption standard Or is it just
internal to MIT kerberos. I would like to understand it a bit more and make
sure that there are no security vulnerbaility here.
Thorsten,
The scenario will occur when a user it trying to create new principal from
the Kerberos client ( KDC is on a different machine on the network). While
creating the principal, the password has to be send to KDC from client and
hence my doubt/question.
-S
On Thu, Aug 12, 2010 at 10:14 PM, Thorsten Haude <yooden at gmx.net> wrote:
> Hi,
>
> > I am trying to add the principals from the kerberos kadmin client using
> > addprinc command. How does the "password" is communicated to KDC from the
> > client. I tried iptrace and found that there is no "plain text" password
> > which is being send. So, what encryption is being used and how is it
> > decrypted on KDC ?
>
> The way I understand it, not at all. The KDC already knows the password and
> uses it to encrypt the response. The password is then used to decrpyt the
> response locally.
>
> I'm new to Kerberos, wait for another reply to be sure.
>
> --
> Cheers,
> Thorsten
> --
> Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!
> Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list