Sandeep wrote: > Just like Unix passwords are never stored cleartext, but always > hashed, why not do the same thing with Kerberos?
Because Kerberos does not actually do password authentication. It sets up a secure link between the two principles. Suppose Alice and Bob want to communicate. They need to share a secret key. (This ignores public key crypto, which is a completely different way of doing things.) Alice talks to Kerberos using a previously agreed secret key (which is in fact the MD5 hash of her password). Kerberos sends here a "ticket" which contains both a new randomly generated secret key and the same key encrypted with Bob's secret key (which is also the MD5 hash of his password). Now Alice and Bob share a key and can use it to communicate. To acheive this Kerberos has to store the secret keys of all the principals. If you get hold of a Kerberos database you won't see the passwords, you will see the hashes (aka secret keys). But that isn't a problem if you want to impersonate Alice or Bob because Kerberos never sees the passwords. It sees messages encrypted with the keys. So if you can get the Kerberos database and want to impersonate Alice you just start a Kerberos session using her secret key. Kerberos assumes that since you evidently know Alice's key you must be her. Paul. _______________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
