[1141] in Kerberos_V5_Development
Re: motivation for multiple keys per principal
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Wed May 8 14:46:18 1996
Date: Wed, 8 May 1996 14:46:03 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Richard Basch" <basch@lehman.com>
Cc: "Barry Jaspan" <bjaspan@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Richard Basch's message of Wed, 8 May 1996 14:16:13 -0400,
<199605081816.OAA00039@badger.lehman.com>

   Date: Wed, 8 May 1996 14:16:13 -0400
   From: "Richard Basch" <basch@lehman.com>

   That is fine for the principals, but if you have a mix of client
   workstations that support V4 and V5, this is *NOT* an option. The kdb
   format is only one part of a possibly heterogeneous environment with
   many versions of the software.

What needs to happen here is the admin server (or simple password
changing server) needs to take the password and store the key in the
database using *both* the V4 and V5 salts. Just as the admin server
will want to take the password and store it both as a single-DES and
triple-DES key....
- Ted
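
A sketch of the scheme described in this message, added here as an example and not code from the thread or from MIT Kerberos: the password-change handler derives one key per (key type, salt type) pair, so V4 and V5 clients each find a key they can reproduce. PBKDF2 is a stand-in for the real DES and triple-DES string-to-key functions, and `set_password`, `client_key`, `KEYSALTS`, the realm, the principal and the password are all constructed for illustration.

```python
import hashlib

# Salt rules: the V4 string-to-key uses no salt; the V5 default salt is the
# realm followed by the principal's name components, concatenated.
SALTS = {
    "v4": lambda realm, comps: b"",
    "v5": lambda realm, comps: (realm + "".join(comps)).encode(),
}
KEY_BYTES = {"single-des": 8, "triple-des": 24}

# ASSUMPTION: which pairs to store is site policy; V4 clients only know single-DES.
KEYSALTS = [("single-des", "v4"), ("single-des", "v5"), ("triple-des", "v5")]

def string_to_key(password, salt, etype):
    # ASSUMPTION: PBKDF2-HMAC-SHA256 stands in for the DES string-to-key
    # algorithms. The key type is mixed in so that the 8-byte key is not
    # simply a prefix of the 24-byte key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               etype.encode() + b"\0" + salt,
                               10_000, dklen=KEY_BYTES[etype])

def set_password(db, realm, comps, password):
    """Password-change handler: store every configured key/salt variant."""
    name = "/".join(comps) + "@" + realm
    kvno = db.get(name, {"kvno": 0})["kvno"] + 1   # new key version on each change
    keys = {(etype, stype): string_to_key(password, SALTS[stype](realm, comps), etype)
            for etype, stype in KEYSALTS}
    db[name] = {"kvno": kvno, "keys": keys}
    return db[name]

def client_key(realm, comps, password, etype, stype):
    """The key a client of the given protocol version derives locally."""
    return string_to_key(password, SALTS[stype](realm, comps), etype)

if __name__ == "__main__":
    db = {}
    entry = set_password(db, "EXAMPLE.COM", ["jdoe"], "constructed-password")
    for (etype, stype), key in entry["keys"].items():
        print(entry["kvno"], etype, stype, key.hex())
```

Because the password itself is needed to derive each variant, this can only be done at password-change time, which is why the message places the work in the admin or password-changing server.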