[32570] in Kerberos
Re: Adding principal from client. Is the password exposed ?
daemon@ATHENA.MIT.EDU (Use Nas)
Fri Aug 13 04:03:22 2010
MIME-Version: 1.0
In-Reply-To: <20100812164431.17440@gmx.net>
Date: Fri, 13 Aug 2010 13:33:14 +0530
Message-ID: <AANLkTinJmTGoZZMC_wcUAU90819=2SDeVanNfgrsMnoe@mail.gmail.com>
From: Use Nas <usenas@gmail.com>
To: Thorsten Haude <yooden@gmx.net>, Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thanks Greg. Does GSSRPC use any open encryption standard Or is it just
internal to MIT kerberos. I would like to understand it a bit more and make
sure that there are no security vulnerbaility here.
Thorsten,
The scenario will occur when a user it trying to create new principal from
the Kerberos client ( KDC is on a different machine on the network). While
creating the principal, the password has to be send to KDC from client and
hence my doubt/question.
-S
On Thu, Aug 12, 2010 at 10:14 PM, Thorsten Haude <yooden@gmx.net> wrote:
> Hi,
>
> > I am trying to add the principals from the kerberos kadmin client using
> > addprinc command. How does the "password" is communicated to KDC from the
> > client. I tried iptrace and found that there is no "plain text" password
> > which is being send. So, what encryption is being used and how is it
> > decrypted on KDC ?
>
> The way I understand it, not at all. The KDC already knows the password and
> uses it to encrypt the response. The password is then used to decrpyt the
> response locally.
>
> I'm new to Kerberos, wait for another reply to be sure.
>
> --
> Cheers,
> Thorsten
> --
> Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!
> Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
