[4178] in Kerberos
Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Jim.Rees@umich.edu)
Mon Nov 14 14:56:52 1994
To: kerberos@MIT.EDU
Date: 14 Nov 1994 19:33:18 GMT
From: Jim.Rees@umich.edu
In article <3a82pg$8qa@lastactionhero.rs.itd.umich.edu>, jgs@yurt.merit.edu (John Scudder) writes:
> I did some thinking about how one would integrate s/key into any
> Kerberos-like protocol and hit a wall: The assumption (with s/key) is
> that authentication strings ("passwords," s/key responses) that the host
> sees are _not_ secret.
Assuming you're willing to change the protocol, you would change the
assumption. Instead of sending the S/key password in the clear, you would
use it the same way Kerberos uses the secret key. Instead of sending it in
the clear, you would use it to encrypt and decrypt the Kerberos challenge.