>The design seems to be asymmetric in that the need to store a secret >long-term key at the client has been avoided (the client only needs to >store its TGT), but a secret long-term key at the server is still >necessary. I am afraid our customer will complain about this ...
The TGT is really just a convenience to save the user from having to type in their password all of the time. You're still storing a secret key on the client; it's just that the secret key typically lives in the brain of the user behind the keyboard. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
