[6815] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Combining Kerberos/DCE with SecureId/SKey authentication

daemon@ATHENA.MIT.EDU (Mark Eichin)
Mon Mar 4 22:48:52 1996

To: kerberos@MIT.EDU
Date: 04 Mar 1996 21:47:19 -0500
From: eichin@cygnus.com (Mark Eichin)

Please read draft-ietf-cat-kerberos-passwords-02.txt, available from
ds.internic.net:/internet-drafts and mirrors therof. It covers a
complete design for generalized one-use-password handling in
Kerberos5, including two different S/Key modes (where the kdc knows
the 0th key and where it doesn't) and SNK/4 and SecureId modes. It is
quite enlightening (though it has a few holes, like specifying
checksums but not specifying what encoding of the fields is
checksummed...) Combining modes (in particular, the existing
time-stamp preauth) turns out to be useful.

			_Mark_ <eichin@cygnus.com>
			Cygnus Support
			Cygnus Network Security <network-security@cygnus.com>
			http://www.cygnus.com/data/cns/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6815] in Kerberos

Re: Combining Kerberos/DCE with SecureId/SKey authentication

daemon@ATHENA.MIT.EDU (Mark Eichin)Mon Mar 4 22:48:52 1996

daemon@ATHENA.MIT.EDU (Mark Eichin)
Mon Mar 4 22:48:52 1996