Behavior change of krb5_rd_req: what error to return
john at iastate.edu
Thu Dec 4 08:46:42 EST 2008
> It seems like a very bad idea to have two principals that
> share the same key and are not aliases.
This raises the question of the Birthday Paradox -- do
we believe that the sizes of all key types (DES at 56
would be the smallest?) available in Kerberos are
large enough that any expected installation of it
would not have enough keys that two randomly generated
ones are "likely" to colide?
And does this also apply to user principals? Because
I know darn well that many of our users choose the
exact same passwords (because the no-salt keys are
identical). I think we had one that was shared by
something like 156 people at one point!
More information about the krbdev