Implementing IETF Draft on DNS use in Kerberos
Jeffrey Altman
jaltman at columbia.edu
Thu Jul 18 14:45:00 EDT 2002
> I thought that the receipt of a valid TGT was proof for the client
> that it was dealing with a trusted KDC and thus the local realm lookup
> was valid. If this is true, then it doesn't seem necessary to get a
> service ticket in order to validate the local realm lookup. (I should
> point out that by client I mean client principal with an entry in the
> KDC's princ db.)
All it is proof of is that the KDC knows the user's key (based on
password).
Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!!
The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP
http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and
kermit-support at columbia.edu OpenSSL.
More information about the krbdev
mailing list