[3857] in Kerberos
looking for S/key support for the Kerberos V5 KDC
daemon@ATHENA.MIT.EDU (*Hobbit*)
Mon Sep 19 01:47:12 1994
To: kerberos@MIT.EDU
Date: 19 Sep 1994 01:17:06 EDT
From: hobbit@elf.com (*Hobbit*)
I don't think you can. S/key's big feature is that there are no secrets
at either end, so you can't use any interaction of s/key as a session key.
You could presumably preauth against something that would then negotiate a key
with you [d-h?] or start a regular Kerberos interaction, but the KDC needs to
know *something* first. Once you've authenticated with s/key, you've given
away that particular secret, so it's no good anymore...
Support of more encryption types, on the other hand, might be a good thing
to spend time on. It wouldn't be that hard to really support IDEA or PKC,
I'd think. [Is this already in the works someplace?]
_H*
