Kerberos questions

Henry B. Hotz hotz at
Wed Jul 16 14:00:15 EDT 2003

>  >Q. It sounds like the Apple Password Server is more secure than
>>Kerberos, because the password is not passed over the network.  So
>>Kerberos is not the best choice?  Please elaborate.
>>A. That is not correct.  Kerberos does not send the clear text
>>password over the network either.  In fact, Apple is embracing
>>Keberos in Mac OS X 10.3 by integrating it even more in the client
>>and server OS.
>Looks good.

Actually the statement could be even stronger:  Kerberos never sends 
the password in *encrypted* form over the network *either*.  The only 
time that happens is when you change it.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list