[2661] in Kerberos


Kerberos V4 mutual authentication

daemon@ATHENA.MIT.EDU (Steve Lunt)
Mon Apr 12 16:56:12 1993

Date: Mon, 12 Apr 93 16:22:09 EDT
From: Steve Lunt <lunt@ctt.bellcore.com>
To: cat-ietf@mit.edu
Cc: kerberos@Athena.MIT.EDU

	How does one do mutual authentication in Kerberos Version 4
in environments where encryption (i.e., krb_{mk,rd}_priv) is not
supported by either the client, server, or both?  By convention, the
server takes the checksum from krb_rd_req and returns checksum+1 in a
krb_mk_priv message, which the client then checks with krb_rd_priv.
Why not allow the server to alternatively return checksum+1 in a
krb_mk_safe message (is the checksum really a secret?), and have the
client run krb_rd_safe instead?  This would still demonstrate the
server's knowledge of the session key.

	I'm considering changing the FTP security spec accordingly.

-- Steve
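
Added example, not part of the original message and not Kerberos library code: a Python model of the exchange proposed above, where the server returns checksum+1 in an integrity-only message and the client verifies it under the session key. HMAC-SHA256 stands in for the V4 safe-message checksum, the checksum is treated as a 32-bit value, and the helper names and sample values are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

# Model only: HMAC-SHA256 stands in for the keyed checksum of a V4 safe
# message. Helper names are hypothetical, not the Kerberos library API.
TAG_LEN = hashlib.sha256().digest_size
MASK32 = 0xFFFFFFFF  # assumption: the request checksum is a 32-bit value


def mk_safe(session_key: bytes, payload: bytes) -> bytes:
    """Integrity-only message: cleartext payload followed by a keyed tag."""
    return payload + hmac.new(session_key, payload, hashlib.sha256).digest()


def rd_safe(session_key: bytes, message: bytes) -> bytes:
    """Return the payload if the tag verifies under session_key, else raise."""
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("safe message failed integrity check")
    return payload


def server_reply(session_key: bytes, checksum: int) -> bytes:
    """Server side: return checksum+1 (with 32-bit wraparound), unencrypted."""
    return mk_safe(session_key, struct.pack("!I", (checksum + 1) & MASK32))


def client_verify(session_key: bytes, checksum: int, reply: bytes) -> bool:
    """Client side: accept only a valid tag over exactly checksum+1."""
    try:
        (value,) = struct.unpack("!I", rd_safe(session_key, reply))
    except (ValueError, struct.error):
        return False
    return value == (checksum + 1) & MASK32


if __name__ == "__main__":
    key = b"constructed-session-key"   # constructed sample value
    cksum = 0x1234ABCD                 # constructed sample value
    # The reply is readable on the wire; only the tag depends on the key.
    print("real server accepted:", client_verify(key, cksum, server_reply(key, cksum)))
    # A responder that saw the checksum but lacks the session key is rejected.
    print("wrong key accepted:  ", client_verify(key, cksum, server_reply(b"guess", cksum)))
```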

