[6315] in Kerberos
Help about Kerberos (TGT request)
daemon@ATHENA.MIT.EDU (Alessandro Aldini mat.1193)
Tue Dec 5 04:25:46 1995
To: kerberos@MIT.EDU
Date: 4 Dec 1995 10:35:22 GMT
From: aldini@zeus.csr.unibo.it (Alessandro Aldini mat.1193)
I read from "Firewalls and Internet Security" about the Kerberos
Authentication System:
Kerberos principals may obtain tickets for services from a special server
known as the Ticket Granting Server (TGS).
The client "speaks" to TGS with a private key and he obtains this key at
session-start time from KDC (key distribution centre). The client
makes a request to the KDC to obtain this key (and other information for
the TGS) and the KDC replies with an encrypted message; the key used for
this message is the client private key, so the KDC must know the private
key of every user.
The client key is derived from a noninvertible transform of the user's
typed password. I suppose that KDC uses a secret algorithm to obtain the
private key from the password and every client knows his own password and
key but not the algorithm password-to-key. Is it true? Otherwise how can
KDC know every client private key?
Please answer me by e-mail. Thank you for your help.
CIAO, Alessandro.