[1029] in Kerberos
Trivial passwords
daemon@ATHENA.MIT.EDU (Steve Lunt)
Mon Jun 18 16:53:39 1990
Date: Mon, 18 Jun 90 15:59:03 -0400
From: Steve Lunt <lunt@ctt.bellcore.com>
To: athena.mit.edu!kerberos@bellcore.bellcore.com
Perhaps the key changing protocol could be modified so that the Kerberos server would know what the associated password is, so that it can do password screening. This could be done in such a way so that the Kerberos server would not need to distinguish between users and non-user principals. The reply to Kerberos for a key change request would contain the password. In the case of services whose keys are not based on passwords, the service would choose a random string (actually, a random number converted to a string), and then use string_to_key() to get a DES key. Comments?
-- Steve
Steven J. Lunt | lunt@ctt.bellcore.com | RRC 1L-213
Computer Security Technology |-------------------------| 444 Hoes Lane
Bellcore | (201) 699-4244 | Piscataway, NJ 08854
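
Added example, not part of the message above and not Kerberos source code: a sketch of the server-side handling the proposal describes, where the key-change request carries a password string that is screened and then converted to a key through one code path for every principal. The screening rules, the function names and the SHA-256 stand-in for string_to_key() are assumptions made for this example; the real string_to_key() is DES-based.

```python
import hashlib
import secrets
from typing import Optional

# Constructed screening data; the post does not say which checks to apply.
TRIVIAL_WORDS = {"password", "kerberos", "athena", "secret", "changeme"}
MIN_LENGTH = 8  # assumed policy value


def string_to_key_standin(password: str, salt: str) -> bytes:
    """Stand-in for string_to_key(): NOT the Kerberos algorithm, only 8 bytes (DES key size)."""
    return hashlib.sha256((salt + "\0" + password).encode()).digest()[:8]


def screen_password(principal: str, password: str) -> Optional[str]:
    """Return a rejection reason, or None if the string is acceptable."""
    lowered = password.lower()
    name = principal.split("@")[0].split(".")[0].lower()  # name part of name.instance@REALM
    if len(password) < MIN_LENGTH:
        return "too short"
    if lowered in TRIVIAL_WORDS:
        return "dictionary word"
    if name and name in lowered:
        return "contains principal name"
    if len(set(password)) < 4:
        return "too few distinct characters"
    return None


def service_random_string() -> str:
    """Service side: a random number converted to a string, as the post suggests."""
    return str(secrets.randbits(128))


def handle_key_change(db: dict, principal: str, password: str) -> str:
    """Server side: screen the received string, then derive and store the key."""
    reason = screen_password(principal, password)  # same check for users and services
    if reason is not None:
        return "rejected: " + reason
    db[principal] = string_to_key_standin(password, principal)
    return "ok"
```

Because a service submits a long random decimal string, it passes the same screening a user password goes through, so the server never has to know which kind of principal it is handling.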