Question about kerberos

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about kerberos

SIRE Jean-Luc RD-CORE-ISS
Hello

I don't know if you have enough time to answer to me
If there is a forum or something more approprated to do that, can you
tell me ?

So ...

I have a general question about kerberos :

It concerns the KRB-AS-REP message where there is 2 encrypted parts :
* Part 1) One included in the ticket,
* Part 2) And another one in the "enc-part" of the message itself.

I have understood that to crypt the second part it's used the client's
key
But when i read the RFC, it doesn't appear clearly which key is used to
crypt the part 1 (ie the ticket sent by the KDC to the client) ...

Can you tell me that ?
Is it the server's key ? (but which server ? The TGS ? Or the end server
where the client want to connect ?)

Thank you very much for your informations !!!

PS : excuse for my bad english ...

Jule Racine

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Question about kerberos

Kenneth G Raeburn
On Sep 9, 2005, at 5:12, SIRE Jean-Luc RD-CORE-ISS wrote:

> I have a general question about kerberos :
>
> It concerns the KRB-AS-REP message where there is 2 encrypted parts :
> *    Part 1) One included in the ticket,
> *    Part 2) And another one in the "enc-part" of the message itself.
>
> I have understood that to crypt the second part it's used the client's
> key
> But when i read the RFC, it doesn't appear clearly which key is  
> used to
> crypt the part 1 (ie the ticket sent by the KDC to the client) ...

RFC 4120 section 5.3 describes the ticket structure and the  
encryption parameters used for protecting parts of it.

ken
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos