On 02/13/2015 12:55 PM, Michael Ströder wrote:
> So the alias name is not cryptographically bound to the principal's key?

Not inherently, no. If a principal's long-term key is based on a password, a salt is used to increase the cost of dictionary attacks against multiple principals (except for the RC4 enctype, which ignores salts for historical reasons). The KDC can explicitly inform the client of the salt during an AS exchange, or it can say "use the default salt," where the default salt is based on the principal name. Likewise, inside the database, the salt can be explicitly stored in the principal entry, or the database entry can just say that the default salt was used.

So the KDC needs to know which name is canonical, in order to know what the default salt should be. And the KDC needs to communicate either the canonical name or the salt to the client during an AS exchange. But assuming that is taken care of, there is no reason the same key cannot be used with several principal names. Active Directory makes extensive use of this flexibility in the way it handles computer accounts.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
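The salt dependence described in the reply, shown as an added example that is not part of the thread or of any Kerberos implementation: it builds the RFC 4120 default salt (realm followed by the name components, no separators) and runs the PBKDF2 step of the RFC 3962 AES string-to-key function, so a name that is not canonical yields a different key unless the KDC supplies the canonical salt explicitly. The principal names and password are constructed, and the final DK(tkey, "kerberos") step is omitted because it needs an AES implementation.

```python
import hashlib

# RFC 3962 default iteration count when the KDC sends no s2kparams.
AES_DEFAULT_ITERATIONS = 4096


def parse_principal(name):
    """Split 'comp1/comp2@REALM' into (components, realm). Assumes no escaped
    '/' or '@' characters (constructed names below do not use them)."""
    local, realm = name.rsplit("@", 1)
    return local.split("/"), realm


def default_salt(name):
    """RFC 4120 section 4: the default salt is the realm followed by the name
    components in order, with no separators."""
    comps, realm = parse_principal(name)
    return realm + "".join(comps)


def aes_pbkdf2_tkey(password, salt, key_len=32, iterations=AES_DEFAULT_ITERATIONS):
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key function.
    The real enctype then applies DK(tkey, "kerberos") using AES; that step
    is a deterministic function of tkey, so equal tkeys give equal final keys
    and unequal tkeys give unequal ones. It is omitted here (no AES in stdlib)."""
    return hashlib.pbkdf2_hmac(
        "sha1", password.encode("utf-8"), salt.encode("utf-8"), iterations, key_len
    )


def keys_match(password, canonical, alias, explicit_salt=None):
    """Does a client logging in under `alias` derive the same key the KDC
    stored for `canonical`? With default salts the answer is no; when the KDC
    sends the canonical salt explicitly (as in an AS exchange), it is yes."""
    canonical_key = aes_pbkdf2_tkey(password, default_salt(canonical))
    salt = explicit_salt if explicit_salt is not None else default_salt(alias)
    return aes_pbkdf2_tkey(password, salt) == canonical_key


if __name__ == "__main__":
    canon = "host/www.example.com@EXAMPLE.COM"   # constructed canonical name
    alias = "host/alias.example.com@EXAMPLE.COM"  # constructed alias name
    print("default salt:", default_salt(canon))
    print("alias w/ default salt matches:", keys_match("hunter2", canon, alias))
    print("alias w/ canonical salt matches:",
          keys_match("hunter2", canon, alias, explicit_salt=default_salt(canon)))
```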