[1015] in Kerberos
Re: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Jerry M. Carlin)
Fri Jun 15 12:53:44 1990
Date: 15 Jun 90 15:21:03 GMT
From: uwm.edu!cs.utexas.edu!usc!apple!mips!pacbell.com!jmc@rutgers.edu (Jerry M. Carlin)
To: kerberos@ATHENA.MIT.EDU
In article <9006150549.AA24093@PIT-MANAGER.MIT.EDU> jik@PIT-MANAGER.MIT.EDU ("Jonathan I. Kamens") writes:
...
>1. Under Unix, you have to have an account on a properly configured
> machine in order to get a hole of the passwd file. Under Kerberos,
> anyone on the Internet can request an encrypted sample of anyone to
> bang on it.
Kerberos is necessary but not sufficient for enhanced security. A gateway
machine (or router) serving as a "firewall" can disallow packets coming
in from j.random.cyberpunk@never.never.land whilst still allowing legitimate
machines access.
--
Jerry M. Carlin (415) 823-2441 jmc@srv.pacbell.com
To dream the impossible dream. To fight the unbeatable foe.
