kdc database is stored
on the kdc in a stash file. (specified in kdc.conf as
key_stash_file=)
--
Josh Huber
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
n of AFS and krb5.
--
Josh Huber
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
lems?
I guess not, because I do this :)
There are more issues with NAT on the client side, unless you request
an addressless ticket. (kinit -A)
--
Josh Huber
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
be NFS -- it can be
any filesystem.
--
Josh Huber
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
t; Google for "zanarotti attack" if you want to find details of the
> common security failure resulting from the assumption that being
> able to decrypt a kdc response in a key handed to you by a user
> means *anything*...
Thanks for the reference. After read
Thanks for the reply...
Dennis Davis <[EMAIL PROTECTED]> writes:
>>From: Josh Huber <[EMAIL PROTECTED]>
>>Newsgroups: gmane.comp.encryption.kerberos.general
>>Subject: host/*@REALM tickets with ssh, DNS
>>Reply-To: Josh Huber <[EMAIL PROTECTED]&g
uch of Kerberos uses this DNS information? How much can I leave out
of the configuration files on each host?
I'm sure I had another question, but it's eluding me for the moment...
--
Josh Huber
Kerberos mailing list