Henry B. Hotz
hotz at jpl.nasa.gov
Wed Jul 16 14:00:15 EDT 2003
> >Q. It sounds like the Apple Password Server is more secure than
>>Kerberos, because the password is not passed over the network. So
>>Kerberos is not the best choice? Please elaborate.
>>A. That is not correct. Kerberos does not send the clear text
>>password over the network either. In fact, Apple is embracing
>>Keberos in Mac OS X 10.3 by integrating it even more in the client
>>and server OS.
Actually the statement could be even stronger: Kerberos never sends
the password in *encrypted* form over the network *either*. The only
time that happens is when you change it.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev