[4863] in Kerberos
Re: Proposal for a SmartCard-Kerberos Implementation
daemon@ATHENA.MIT.EDU (psszjan@psab.posten.se)
Sat Mar 25 11:52:42 1995
From: psszjan@psab.posten.se
To: kdrenard@arl.mil, kerberos@MIT.EDU
Date: Sat, 25 Mar 95 17:36:09 MET
In-Reply-To: <1995Mar24.193542.17366@arl.mil>; from "Kenneth D. Renard" at Mar 24, 95 7:35 pm
I'm not i Kerberos guru, but I think this is not the correct way to
implement Smart Card with Kerberos. SecurId is not what I call a Smart
Card. There are several standardized Smart Card concepts delivered by
for example Siemens, Bull and Philips, which I think is what should be
used. With SecurID you use a person to handle the communication between
card and computer. In our organization, that is not what users want.
User requirement is an easy-to-use single logon to all the systems they use.
We have tested SecurID, and it is a technical well working product, but it
is not accepted by the users.
>
> Environment:
> Kerberos 5 realm
> SecurID code is a one-time-use, time dependent, seeded (with PIN
> entered onto card), password generating algorithm. (You may
> explore the applicability of your smart-card system)
> SecurID-only is not acceptable: (need SecurID code for every rsh, rcp)
> Users require access from various, unknown, "untrusted" hosts.
>
--
Jan Andersson e-mail: psszjan@psab.posten.se
Sweden Post
105 04 STOCKHOLM
SWEDEN