"Clint Chaplin" <[EMAIL PROTECTED]> writes: > How is the KDC user name/password protected? I understand that the > KDC encrypts it, which implies that the KDC must have the decryption > key. But, of cource, the KDC must persist this decryption key across > reboots. So, this key must be persisted in a file someplace. > > If this is all true, then that implies that anybody having root > could obtain the decryption key, and decrypt the KDC user > name/password database. Or have I missed something?
That's correct. Typically, the password to the kdc database is stored on the kdc in a stash file. (specified in kdc.conf as key_stash_file=<filename>) -- Josh Huber ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
