Subject: GSS Server without secret key?
From: Oliver Schoett [EMAIL PROTECTED]
Date: Thu, 06 Nov 2003 12:17:03 +0100
Organization: sdm AG, Muenchen, Germany
To: [EMAIL PROTECTED]
I have been playing with the Sun GSS/Kerberos sample code in
Mike Friedman wrote on 2003-11-07 06:29:
In short, and a little over-simplified:
When the client presents a ticket to the server, how does the server know
it was issued by a trustworthy Kerberos KDC? Because the ticket contains
a payload encrypted in the server's secret key, registered in
Oliver,
The design seems to be asymmetric in that the need to store a secret long-term key at
the client has been avoided (the client only needs to store its TGT), but a secret
long-term key at the server is still necessary. I am afraid our customer will
complain about this ...
This is not
Gustavo Rios wrote:
Oliver Schoett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
I have been playing with the Sun GSS/Kerberos sample code in
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
and noticed that the client in this
Tim Alsop wrote:
Oliver,
The design seems to be asymmetric in that the need to store a secret long-term key
at the client has been avoided (the client only needs to store its TGT), but a
secret long-term key at the server is still necessary. I am afraid our customer
will complain
Hi everyone,
I'm new to this mailing list and to Kerberos. Currently I'm working
on setting up Kerberos with PAM for system-wide authentication in a network.
I would like to set up Kerberos principal root/[EMAIL PROTECTED] for each host
in the network, and it has to correspond to the Linux
Hi everyone,
I'm new to this mailing list and to Kerberos. Currently I'm working
on setting up Kerberos with PAM for system-wide authentication in a
network. I would like to set up Kerberos principal root/[EMAIL PROTECTED]
for each host in the network, and it has to correspond to the Linux
Because it's very likely most of us will still be around by the time
the year 2038 rolls around. :-)
ASN allows you to use up to 127 octets for representing an integer, so
using an integer would not be a problem.
In theory, yes.
But if you look at the Kerberos clarification document (currently an
On Fri Nov 7 01:57:42 2003, Oliver Schoett said:
The design seems to be asymmetric in that the need to store a secret
long-term key at the client has been avoided (the client only needs to
store its TGT), but a secret long-term key at the server is still
necessary. I am afraid our
On Fri, 2003-11-07 at 16:51, [EMAIL PROTECTED] wrote:
Hi everyone,
I'm new to this mailing list and to Kerberos. Currently I'm working
on setting up Kerberos with PAM for system-wide authentication in a network.
I would like to set up Kerberos principal root/[EMAIL PROTECTED] for each host
Oliver == Oliver Schoett [EMAIL PROTECTED] writes:
Oliver I have been playing with the Sun GSS/Kerberos sample code
Oliver in
Oliver
http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/ClientServer.html
Oliver and noticed that the client in this scenario needs
[EMAIL PROTECTED] (Ken Hornstein) wrote in message news:[EMAIL PROTECTED]...
Because it's very likely most of us will still be around by the time
the year 2038 rolls around. :-)
ASN allows you to use up to 127 octets for representing an integer, so
using an integer would not be a problem.
In
12 matches