Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by po7.MIT.EDU (5.61/4.7) id AA07220; Tue, 5 Dec 95 04:52:42 EST Received: from tymix.tymnet.com by MIT.EDU with SMTP id AA28270; Tue, 5 Dec 95 04:51:35 EST Received: by tymix.Tymnet.COM (4.1/SMI-4.1) id AA12293; Tue, 5 Dec 95 01:52:42 PST Received: from delta by tymix.Tymnet.COM (in.smtpd); 5 Dec 95 1:52:41 PST Received: by delta.tymnet.com (4.1/SMI-4.1) id AB06233; Tue, 5 Dec 95 01:52:35 PST Date: Tue, 5 Dec 95 01:52:35 PST From: Mailer-Daemon@delta.Tymnet.COM (Mail Delivery Subsystem) Subject: Returned mail: User unknown Message-Id: <9512050952.AB06233@delta.tymnet.com> To: ----- Transcript of session follows ----- <<< HELO tymix.Tymnet.COM <<< MAIL From: <<< RCPT To: 550 ... User unknown <<< DATA <<< QUIT ----- Unsent message follows ----- Return-Path: Received: from tymix.Tymnet.COM by delta.tymnet.com (4.1/SMI-4.1) id AA06224; Tue, 5 Dec 95 01:52:35 PST Received: by tymix.Tymnet.COM (4.1/SMI-4.1) id AA12288; Tue, 5 Dec 95 01:52:34 PST Received: from PACIFIC-CARRIER-ANNEX.MIT.EDU by tymix.Tymnet.COM (in.smtpd); 5 Dec 95 1:52:33 PST Received: from pad-thai.cam.ov.com by MIT.EDU with SMTP id AA26661; Tue, 5 Dec 95 04:07:08 EST Received: by pad-thai.cam.ov.com (8.6.12/) id ; Tue, 5 Dec 1995 04:10:54 -0500 Received: from GATEWAY by pad-thai.cam.ov.com with netnews for kerberos-wrapper@cam.ov.com (kerberos@mit.edu) To: kerberos@MIT.EDU Date: 4 Dec 1995 10:35:22 GMT From: aldini@zeus.csr.unibo.it (Alessandro Aldini mat.1193) Message-Id: <49uita$o5i@sirio.cineca.it> Organization: Cineca Sender: usenet@cam.ov.com Subject: Help about Kerberos (TGT request) I read from "Firewalls and Internet Security" about the Kerberos Authentication System : Kerberos principals may obtain tickets for services from a special server known as the Ticket Granting Server (TGS). The client "speaks" to TGS with a private key and he obtains this key at session-start time from KDC (key distribution centre). The client makes a request to the KDC to obtain this key (and other information for the TGS) and the KDC reply with an encrypted messagge; the key used for this messagge is the client private key, so the KDC must know the private key of every user. The client key is derived from a noninvertible transform of the user's typed password. I suppose that KDC uses a secret algorithm to obtain the private key from the password and every client knows his own password and key but not the algorithm password-to-key. Is it true ? Otherwise how can KDC know every client private key ? Please answer me in e-mail. Thank you for your help. CIAO, Alessandro.