> From: Jonathan Billings [mailto:billi...@negate.org]
>
> I suggest looking at how Kerberos works. Maybe a better understanding
> might help improve your product?

If I hadn't already done that, I would have no business talking about any of this. The same information is available from every resource; this is just the first one I got on Google just now:
http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-install/What-is-Kerberos-and-How-Does-it-Work_003f.html

"client (generally either a user or a service) sends a request for a ticket to the Key Distribution Center (KDC). The KDC creates a ticket-granting ticket (TGT) for the client, encrypts it using the client's password as the key, and sends the encrypted TGT back to the client. The client then attempts to decrypt the TGT, using its password."

Notice that the KDC had the client's password to encrypt the TGT, and then the client decrypts using the password. After the client has received the TGT, it's able to authenticate to other servers with no *further* password exposure, but the password was exposed to the KDC.