Mike Friedman wrote on 2003-11-07 06:29:

>In short, and a little over-simplified:
>
>When the client presents a ticket to the server, how does the server know
>it was issued by a trustworthy Kerberos KDC? Because the ticket contains
>a payload encrypted in the server's secret key, registered in that same KDC
>(and known by no one but that KDC and the server itself).
>
>

Yes, thanks, I have read in the meantime that the basic Kerberos Authentication protocol requires the server to use a secret key (and I then cancelled my question).

The design seems to be asymmetric in that the need to store a secret long-term key at the client has been avoided (the client only needs to store its TGT), but a secret long-term key at the server is still necessary. I am afraid our customer will complain about this ...

Oliver Schoett

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
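Added example, not part of the original message or of any Kerberos implementation: a sketch of why the server needs a long-term key, showing a ticket sealed under the key the KDC shares with the service and a ticket from a different KDC being rejected. The names `KDC`, `seal`, `unseal`, `service_accept` and `rejected` are hypothetical, the cipher is a toy stand-in for a real Kerberos enctype, and the TGT exchange and client authenticator are left out.

```python
import hashlib, hmac, json, os, time

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy SHA-256 counter keystream; stands in for a real Kerberos enctype.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_subkey(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ticket was not sealed under this service key")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class KDC:
    def __init__(self):
        self.service_keys = {}          # principal -> long-term secret key

    def register(self, principal):
        # The returned key is what the server must store (its keytab entry).
        self.service_keys[principal] = os.urandom(32)
        return self.service_keys[principal]

    def issue_ticket(self, client, service, lifetime=300):
        session_key = os.urandom(32)
        body = {"client": client, "session_key": session_key.hex(),
                "expires": time.time() + lifetime}
        return seal(self.service_keys[service], body), session_key

def service_accept(keytab_key, ticket, now=None):
    body = unseal(keytab_key, ticket)   # succeeds only for the KDC sharing this key
    if body["expires"] < (time.time() if now is None else now):
        raise ValueError("ticket expired")
    return body["client"], bytes.fromhex(body["session_key"])

def rejected(keytab_key, ticket, now=None):
    try:
        service_accept(keytab_key, ticket, now)
    except ValueError:
        return True
    return False
```

The service never contacts the KDC at verification time; possession of the shared key is the whole trust link, which is why that key has to be stored and protected on the server.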
