[4863] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Proposal for a SmartCard-Kerberos Implementation

daemon@ATHENA.MIT.EDU (psszjan@psab.posten.se)
Sat Mar 25 11:52:42 1995

From: psszjan@psab.posten.se
To: kdrenard@arl.mil, kerberos@MIT.EDU
Date: Sat, 25 Mar 95 17:36:09 MET
In-Reply-To: <1995Mar24.193542.17366@arl.mil>; from "Kenneth D. Renard" at Mar 24, 95 7:35 pm

I'm not i Kerberos guru, but I think this is not the correct way to
implement Smart Card with Kerberos. SecurId is not what I call a Smart
Card. There are several standardized Smart Card concepts delivered by
for example Siemens, Bull and Philips, which I think is what should be
used. With SecurID you use a person to handle the communication between
card and computer. In our organization, that is not what users want. 
User requirement is an easy-to-use single logon to all the systems they use.

We have tested SecurID, and it is a technical well working product, but it
is not accepted by the users.

> 
> Environment:
> 	Kerberos 5 realm
> 	SecurID code is a one-time-use, time dependent, seeded (with PIN
> 	  entered onto card), password generating algorithm.  (You may
> 	  explore the applicability of your smart-card system)
> 	SecurID-only is not acceptable: (need SecurID code for every rsh, rcp)
> 	Users require access from various, unknown, "untrusted" hosts.
> 


-- 
Jan Andersson                           e-mail: psszjan@psab.posten.se
Sweden Post
105 04  STOCKHOLM    
SWEDEN              

home help back first fref pref prev next nref lref last post