[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How KDC ensure the security of the key in its dbase


As I traced the heimdal's code, I found out that the
principal's long term key is stored in the hdb_entry
structure without any encryption or any other means of

Is this safe enough ? If someone hacks the KDC, he
will straight away be able to get the key for each
principal from the database. Since the security of the
kerberos lies in the possession of the key, wouldn't
this be a threat since the hacker can try to intercept
any AS-REQ packet and then with the possession of the
key process the AS-REQ or TGS-REQ ?

Please correct me if I'm wrong.


La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -

Do you Yahoo!?
Yahoo! Domains  Claim yours for only $14.70/year