On Wed, Feb 19, 2003 at 09:54:32PM -0800, John Rudd wrote: > 1) the keys are encrypted in the KDC, not plain text > > 2) the mechanism is 'shared secret' based
If I understand correctly, physical access to the KDC is sufficient to break all user accounts. In other words, the shared secret material on the KDC disks is equivalent to cleartext passwords - take a copy of those disks and you can impersonate any user. Or has that been changed in a new version of Kerberos? I would be interested to know how. Regards, Brian. ------------------------------------------------------- This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
