[23577] in Kerberos
Re: Data encryption question
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Tue Mar 22 15:50:08 2005
In-Reply-To: <04FC050734945249BF09EBD54DD219EA106FDE@XCH-SW-3V2.sw.nos.boeing.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <e9de169cbdbc7d6b245f336d7e8bbd3e@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 22 Mar 2005 15:47:27 -0500
To: "Towles, Perry M" <perry.m.towles@boeing.com>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
On Mar 21, 2005, at 13:31, Towles, Perry M wrote:
> Does Kerberos only encrypt the user name and password and allow the
> datagram package to be sent in the clear? Unlike SSH which encrypts
> the
> tunnel and has a higher cost overhead in the WAN domain.
The password is never sent in the core Kerberos protocol, encrypted or
not. It's used to generate an encryption key. See RFC 1510 for what
parts of what messages are encrypted or not.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos