[23797] in Kerberos

home help back first fref pref prev next nref lref last post

Re: kerberos question?

daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Mon May 2 09:02:24 2005

From: Jeffrey Altman <jaltman2@nyc.rr.com>
Message-ID: <Dnpde.3927$yl6.2601787@twister.nyc.rr.com>
Date: Mon, 02 May 2005 12:51:47 GMT
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

ali.mohammadi62@gmail.com wrote:

> Please tell me how kerberos solve below problem?
> if one knows your userID and send it to Authenticaton Server of
> kerberos and receive the TGS ticket.
> he can break the encryption off-line  and capture  the private key of
> that user.
> 

To prevent this you should require pre-authentication on your
principals.  This way the client must prove to the kdc that it
knows the password or has possession of the necessary credentials
before she can obtain a TGT.

Jeffrey Altman

-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post