>>>>> "Greg" == Greg Wettstein <[EMAIL PROTECTED]> writes:
Greg> I would be interested in what the collective thinking of a
Greg> strategy such as this would be? We crypted the raw password
Greg> value with the KDC master key to make sure that the raw
Greg> password was at least as secure as the database itself. My
Greg> thinking was that if you lose the KDC the loss of the actual
Greg> password value itself is probably the least of one's
Greg> problems.
Instead of storing the password, you can just store the old salt.
Then you can tell the client what salt to use using the etype-info
preauth type.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
