[1395] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Verifying passwords without getting new tickets

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Mon May 20 17:47:07 1991

From: jon@MIT.EDU (Jon A. Rochlis)
To: Mark Lillibridge <mdl@B.GP.CS.CMU.EDU>
Cc: marc@MIT.EDU, cjr@simpact.COM, kctreima@eos.ncsu.edu, kerberos@MIT.EDU
In-Reply-To: Your message of Mon, 20 May 91 13:07:21 -0400.
Date: Mon, 20 May 91 16:54:45 EDT

   All you need to do is eavesdrop on X logging in once.

That is *much* harder than simply asking for a ticket in somebody
else's name and therefore even though it's only a partial solution, it
add significant value.  Security is a world of tradeoffs.

		-- Jon


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1395] in Kerberos

Re: Verifying passwords without getting new tickets

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)Mon May 20 17:47:07 1991

daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Mon May 20 17:47:07 1991