Category Archives: kerberos

In a lecture, I learned that with Kerberos, one can have one master KDC and several slave KDCs. One slide says:

• Synchronisierung der read-only Slaves
  • Periodisch oder per Administrations-Kommando
  • „Klartext-Übertragung“ mit anschließendem kryptographischen Hash
    • Master-Secrets der Clients verschlüsselt mit KDC Master-Secret
    • Hash zum Schutz vor Manipulation, Vertauschen, Anfügen von Daten

which translated to English means:

• synchronization of the read-only slaves
  • periodical or via administrative command
  • “plaintext transmission” with subsequent cryptographic hash
    • master secrets of the clients encrypted with KDC master secret
    • hash for protection from manipulation, permutation, appendage of data

Unfortunately, I wasn’t able to find additional information about this online.

My first question is what exactly they mean when they say “plaintext transmission” because right below it, it says that the master secrets are encrypted.

My second question is how the hash offers protection from manipulation, permutation, and appendage of data. Is the hash itself encrypted with the KDC master secret? It the hash performed over the plaintext data?

Continue reading Security of key distribution to KDC slaves in Kerberos→

I am running (as sudo) a script for setting up Kerberos (which I will paste below) on a CentOS machine (in a Cloudera Quickstart Docker container).
The strange thing is that I have successfully ran this script many many times… Continue reading Kerberos: kadmin.local: No such file or directory while initializing kadmin.local interface (cloudera quickstart)→

I have krb5.conf that looks like

kdc=server1
kdc=server2
kdc=server3
kdc=server4
master_kdc=server1
master_kdc=server2
master_kdc=server3
master_kdc=server4
admin_server=server1
admin_server=server2
admin_server=server3
adm… Continue reading krb5.conf failover not working [on hold]→