[3081] in Kerberos
RE: Management overview of Kerberos???
daemon@ATHENA.MIT.EDU (Donald Sharp)
Thu Apr 7 14:07:17 1994
Date: Thu, 7 Apr 94 11:37:14 EDT
From: cc32859@vantage.fmrco.com (Donald Sharp)
To: kerberos%mit.edu@stowe.fmrco.com
Bob Moskowitz at Chrysler asks how to help management get educated
about Kerberos.
The best place to start is probably the Kerberos FAQ, which includes
at the end a short bibliography of where to go next. To cut things
short, this is the order I recommend:
1) the FAQ, which has the answers to some basic questions that you
want to know even before you know anything, such as what is it, where
can I get it, what's all this I hear about interoperability problems
etc. It is available from several sources. You can send mail to
mail-server@rtfm.mit.edu
with the message body
send usenet-by-hierarchy/comp/protocols/kerberos/K_U__F_A_Q_1.7
(aka Kerberos_Users__Frequently_Asked_Questions_1.7)
2) The basic overview paper "Kerberos: An Authentication Service for
Open Network Systems", by Jennifer G. Steiner, Clifford Neuman, and
Jeffrey I. Schiller presented at USENIX, Mar 1988 and available at
athena-dist.mit.edu:pub/kerberos/doc/usenix.PS
3) Optionally, the paper "The Evolution of the Kerberos Authentication
Service" by John T. Kohl which talks about the shortcomings of V4 and
the changes made for V5. This can be found at
athena-dist.mit.edu:pub/kerberos/doc/krb_evol.PS
4) Optionally, the S.M. Bellovin and M. Merritt paper, "Limitations of
the Kerberos Authentication System," presented at USENIX, Jan 1991.
This covers some weaknesses addressed by V5, but also some things that
have not changed, such as Kerberos' reliance on the strength or
weakness of the underlying cryptosystem, password guessing attacks,
and the problem of spoofing the login command. It can be found at
research.att.com:dist/internet_security/kerblimit.usenix.ps
--------
Don Sharp cc32859@vantage.fmrco.com
Fidelity Investments (617) 570-3905
82 Devonshire St. A2A
Boston, MA 02109