[23577] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Data encryption question

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue Mar 22 15:50:08 2005

In-Reply-To: <04FC050734945249BF09EBD54DD219EA106FDE@XCH-SW-3V2.sw.nos.boeing.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <e9de169cbdbc7d6b245f336d7e8bbd3e@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 22 Mar 2005 15:47:27 -0500
To: "Towles, Perry M" <perry.m.towles@boeing.com>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

On Mar 21, 2005, at 13:31, Towles, Perry M wrote:
> Does Kerberos only encrypt the user name and password and allow the
> datagram package to be sent in the clear?  Unlike SSH which encrypts 
> the
> tunnel and has a higher cost overhead in the WAN domain.

The password is never sent in the core Kerberos protocol, encrypted or 
not.  It's used to generate an encryption key.  See RFC 1510 for what 
parts of what messages are encrypted or not.

Ken

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post