Hi, I have a query which I hope someone can enlighten me on.
As I understand it, a random session key is issued by the KDC when the TGS-REQ is sent back to the client, and this same session key is also stored inside the service ticket. The service ticket is sent to the server, where it is decrypted using the service principal key found in the key table file on the server. So, with this in mind, if somebody manages to get a copy of the key in the key table file (it's not important how, but imagine if they did), they could use this key to decrypt a service ticket as it is transmitted across the network inside a GSS token, inside of which they will find the session key. If they had captured network traffic, now that they have the session key which was used for encryption and decryption during the user's logon session, surely they can read the captured data which was supposed to be confidential?

Is my understanding above correct, or is the key used by gss_wrap and gss_unwrap calculated in some way, so that knowing the session key inside the service ticket, the GSS-wrapped (i.e. encrypted) data cannot be decrypted?

Many thanks.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

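On the question of whether gss_wrap uses a key "calculated in some way" from the session key: under RFC 4121 the per-message keys are derived from the session key (or from a subkey exchanged in the AP-REQ/AP-REP, which itself travels encrypted under the session key) using fixed, public key-usage numbers, so there is no additional secret a keytab holder would lack. The block below is an added example, not part of the original message, that performs that derivation for the aes128-cts-hmac-sha256-128 enctype as RFC 8009 specifies it; the session key value is constructed for illustration.

```python
import hashlib
import hmac

# Key-usage numbers RFC 4121 assigns to GSS-API per-message tokens.
KG_USAGE_ACCEPTOR_SEAL = 22
KG_USAGE_ACCEPTOR_SIGN = 23
KG_USAGE_INITIATOR_SEAL = 24
KG_USAGE_INITIATOR_SIGN = 25


def kdf_hmac_sha256(key: bytes, label: bytes, k_bits: int) -> bytes:
    """KDF-HMAC-SHA2 from RFC 8009 for aes128-cts-hmac-sha256-128:
    k-truncate(HMAC-SHA-256(key, 0x00000001 | label | 0x00 | k)),
    with the counter and k encoded as 4-byte big-endian integers."""
    block = (1).to_bytes(4, "big") + label + b"\x00" + k_bits.to_bytes(4, "big")
    return hmac.new(key, block, hashlib.sha256).digest()[: k_bits // 8]


def derive_usage_keys(base_key: bytes, usage: int) -> dict:
    """Derive the checksum (Kc), encryption (Ke) and integrity (Ki) keys
    RFC 8009 defines for one key-usage number. Every input is either the
    base key or a public constant, which is the point of the example."""
    if len(base_key) != 16:
        raise ValueError("aes128-cts-hmac-sha256-128 keys are 16 bytes")
    usage_bytes = usage.to_bytes(4, "big")
    return {
        "Kc": kdf_hmac_sha256(base_key, usage_bytes + b"\x99", 128),
        "Ke": kdf_hmac_sha256(base_key, usage_bytes + b"\xaa", 128),
        "Ki": kdf_hmac_sha256(base_key, usage_bytes + b"\x55", 128),
    }


def wrap_keys_for_session(session_key: bytes) -> dict:
    """Keys protecting initiator- and acceptor-originated wrap tokens,
    indexed by the RFC 4121 usage number they are derived with."""
    return {
        KG_USAGE_INITIATOR_SEAL: derive_usage_keys(session_key, KG_USAGE_INITIATOR_SEAL),
        KG_USAGE_ACCEPTOR_SEAL: derive_usage_keys(session_key, KG_USAGE_ACCEPTOR_SEAL),
    }


if __name__ == "__main__":
    # Constructed sample session key (not a real ticket value).
    sample_session_key = bytes.fromhex("00112233445566778899aabbccddeeff")
    for usage, keys in wrap_keys_for_session(sample_session_key).items():
        print(usage, {name: k.hex() for name, k in keys.items()})
```

RFC 8009 Appendix A publishes test vectors for this derivation; the operational takeaway for a defender is that keytab confidentiality is what protects recorded sessions, which is why keytab files warrant the same handling as private keys.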