Oliver Schoett <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
>
> Why is it that the server needs a key, when in principle, a ticket
> should be enough to prove one's identity?  Is there a way to avoid the
> key management problem for servers?

Oliver,

In short, and a little over-simplified:

When the client presents a ticket to the server, how does the server know
it was issued by a trustworthy Kerberos KDC?  Because the ticket contains
a payload encrypted in the server's secret key, registered in that same KDC
(and known by no one but that KDC and the server itself).

Mike

------------------------------------------------------------------------------
Mike Friedman                           System and Network Security
[EMAIL PROTECTED]                        2484 Shattuck Avenue
1-510-642-1410                          University of California at Berkeley
http://ack.Berkeley.EDU/~mikef          http://security.berkeley.edu
------------------------------------------------------------------------------
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
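
The check described in the reply above, as an added example that is not part of the original post or of any Kerberos implementation: a toy KDC seals a ticket under the service's long-term key, and the service accepts only tickets that verify under that key. The HMAC-SHA256 keystream plus MAC is a stand-in for a real Kerberos encryption type; the principal names, function names and key sizes are constructed, and authenticators, timestamps and delivery of the session key to the client are left out.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, length):
    # Toy stream cipher: HMAC-SHA256 in counter mode (assumption, not a Kerberos enctype).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # not produced by a holder of this service key
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def kdc_issue_ticket(service_key, client, service):
    # Only the KDC and the service know service_key, so only the KDC can mint this.
    session_key = os.urandom(16)
    body = {"client": client, "service": service, "session_key": session_key.hex()}
    return seal(service_key, json.dumps(body).encode()), session_key

def service_accept(service_key, service, ticket):
    plain = unseal(service_key, ticket)
    if plain is None:
        return None
    body = json.loads(plain)
    return body if body["service"] == service else None

def demo():
    svc = "host/server.example.org"      # constructed principal name
    service_key = os.urandom(32)         # registered with the KDC, held by KDC and service only
    ticket, _ = kdc_issue_ticket(service_key, "oliver@EXAMPLE.ORG", svc)
    forged, _ = kdc_issue_ticket(os.urandom(32), "admin@EXAMPLE.ORG", svc)  # sealed without the real key
    tampered = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]
    return [service_accept(service_key, svc, t) for t in (ticket, forged, tampered)]
```

Without a key shared with the KDC, the service would have nothing to distinguish the genuine ticket from the forged one, which is why the server-side key cannot simply be dropped in this design.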
