[1019] in Kerberos
Re: Why is initial user authentication done the way it is?
daemon@ATHENA.MIT.EDU (Wesley Craig)
Fri Jun 15 14:31:24 1990
Date: 15 Jun 90 16:37:11 GMT
From: apple!usc!samsung!umich!terminator!terminator.cc.umich.edu!wes@decwrl.dec.com (Wesley Craig)
To: kerberos@ATHENA.MIT.EDU
In article <1990Jun15.152103.15241@PacBell.COM> jmc@PacBell.COM (Jerry M. Carlin) writes:
>Kerberos is necessary but not sufficient for enhanced security. A gateway
>machine (or router) serving as a "firewall" can disallow packets coming
>in from j.random.cyberpunk@never.never.land whilst still allowing legitimate
>machines access.
Thus making it extreemly difficult to use in a wide area network (like
from usenix, for example). Moreover, if kerberos is accepted by DCE and
ISO for an extension to X.500, how are you going to "keep the bad guy
out".
wes
