[2046] in Kerberos
Could someone clarify the following?
daemon@ATHENA.MIT.EDU (Abbas Birjandi)
Wed Jul 15 14:36:29 1992
Date: 15 Jul 92 12:02:06 GMT
From: abbas@fuisse.inria.fr (Abbas Birjandi)
To: kerberos@shelby.Stanford.EDU
Hello,
This is my first posting and I hope I am not sending it to the wrong group.
I was reading the paper:"The Evolution of the Kerberos Authentication Service"
by John Kohl. It seems to me there is perhaps a mistake and I was hoping someone
correct me if I am wrong. Here is where I am having difficulty:
In page 2 regarding getting the initial ticket it says"
"...The KDC generates a new ticket by selecting a random key
Kc,s, called the session key, to include in the ticket,
setting the start and expiration times in the ticket as
requested, and encrypting the ticket with server's key Ks.
It assembles the ticket and the session key into the
response and *encrypts it with the client's secret key Kc"
The equations describing the above text in figure 1 are as follows:
1. Client-->KDC:c,s
2. KDC-->Client:{Kc,s}Kc,{Tc,s}Ks
3. Client-->Server:{Ac}Kc,s,{Tc,s}Ks
It seems to me the text above corresponds "almost"to the behavior of Kerberos in
V4. The reason almost is the "start and expiration time" clause. IT seems to me
2 will look like the following (which is what V4 is about):
2. KDC-->Client:{Kc,s,{Tc,s}Ks}Kc <--V4
My understanding is that according to 2 in V5 the ticket is only
encrypted once. But the explanation says it is encrypted twice?
Am I reading anything wrong here? I would appreciate your input.
Regards,
Abbas Birjandi
abbas@margaux.inria.fr
PS:I down loaded the paper from mit server.
PSS:Please respond directly to my e-mail address.
