[14492] in Kerberos
Re: Windows 2000 authentication and time
daemon@ATHENA.MIT.EDU (Booker C. Bense)
Tue May 29 10:20:55 2001
Date: Tue, 29 May 2001 07:19:12 -0700 (PDT)
From: "Booker C. Bense" <bbense@networking.stanford.edu>
To: "W.Kossen" <wjk@iname.com>
cc: <kerberos@MIT.EDU>
In-Reply-To: <9f0297$79u5u$1@reader01.wxs.nl>
Message-ID: <Pine.GSO.4.33.0105290712330.24047-100000@shred.stanford.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Tue, 29 May 2001, W.Kossen wrote:
> Hi,
> I read somewhere that the time of the Windows 2000 client is used by
> Kerberos (MS implementation of it) to create a ticket. They use this
> statement in order to prove that time synchronization is necessary. I can
> see the necessity for other reasons, but the Kerberos dependency is new to
> me. Can someone explain how this works or where there's info to read up on
> this?
- Well, if you really want to know what's going on, read the src in
mk_req.c and rd_req.c
- However if you don't require that level of detail,
there are a couple good tutorials at
http://web.mit.edu/kerberos/www/papers.html
-In particular the dialogue is very useful for getting the basic
concepts.
- Booker C. Bense
