[6320] in Kerberos
Re: Help about Kerberos (TGT request)
daemon@ATHENA.MIT.EDU (Jon Rochlis)
Tue Dec 5 15:48:57 1995
Date: Tue, 05 Dec 1995 13:12:17 -0500
To: Richard Basch <basch@lehman.com>,
"Alessandro Aldini mat.1193" <aldini@zeus.csr.unibo.it>
From: Jon Rochlis <jon@bbnplanet.com>
Cc: kerberos@MIT.EDU
What Richard wrote is correct but I don't think it answers Alessandro's
question.
If the question is
how does the KDC get its knowledge of a client's secret key in the
first place?
the answer is an administrator tells the KDC what it is when the user's
kerberos principal is created. This either takes place at the console of the
KDC or via an encrypted admin protocol (based on the administrator's key).
The password string to DES key process is simply a convenience for the user.
The KDC only deals with password as user registration/password change time.
-- Jon
