[1055] in Kerberos
Paper: Limitations of the Kerberos Authentication System
daemon@ATHENA.MIT.EDU (@ulysses.att.com:mischu@allegra.at)
Fri Jul 13 11:11:53 1990
From: @ulysses.att.com:mischu@allegra.att.com
To: kerberos@ATHENA.MIT.EDU, krb-protocol@ATHENA.MIT.EDU,
Cc: mischu@allegra.att.com
Reply-To: smb@ulysses.att.com, mischu@allegra.att.com
Date: Fri, 13 Jul 90 09:49:18 EDT

Michael Merritt and I have a paper on the limitations of Kerberos,
which has been submitted to Computer Communications Review. A draft,
in PostScript, is available for anonymous ftp from inet.att.com
(192.20.225.2) in ~ftp/dist/kerblimit.ps.

--Steve Bellovin
smb@ulysses.att.com

Abstract:
The Kerberos authentication system, a part of MIT's Project
Athena, has been adopted by other organizations. Despite
Kerberos's many strengths, it has a number of limitations and
some weaknesses. Some are due to specifics of the MIT
environment; others represent deficiencies in the protocol
design. We discuss a number of such problems, and present
solutions to some of them. We also demonstrate how
special-purpose cryptographic hardware may be needed in some
cases.