On Tue, Nov 09, 2004 at 06:14:23PM +1100, [EMAIL PROTECTED] wrote:
> On Tue, Nov 09, 2004 at 02:25:22PM +1100, James Gregory wrote:
> > On Tue, Nov 09, 2004 at 03:31:50PM +1100, Toliman wrote:
> > > and it is 'relatively' secure, in that it would hopefully
> > > take a p4 a few hours to brute force... more likely in minutes.
> >
> > How long is 'a few hours'? I didn't think things were that dire. Are you
> > talking about a straight brute force or some kind of known-plaintext
> > attack or what?
>
> Isn't the kerberos ticket only valid for a few minutes anyway?

Only if you want to be re-typing your password every few minutes. One of the features of Kerberos was supposed to be a single sign-on -- obtain a TGT (Ticket-Granting Ticket) and then use that as a password-equivalent until it times out, after which time you need to get another TGT by resupplying your credential (password).

Think of it as longer-lived "one-time passwords" -- you don't have to keep typing your password all the time, but the "password" you do pass around has a limited life and gets recreated every few hours.

- Matt
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html