[4899] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Proposal for a SmartCard-Kerberos Implementation

daemon@ATHENA.MIT.EDU (Kenneth D. Renard" (ACISD))
Fri Mar 31 17:40:14 1995

Date:     Fri, 31 Mar 95 17:11:15 EST
From: "Kenneth D. Renard" (ACISD) <kdrenard@ARL.MIL>
To: "Donald T. Davis" <don@cam.ov.com>
Cc: John Hascall <john@iastate.edu>, kdrenard@ARL.MIL, kerberos@MIT.EDU

The objective here is to take full advantage of the "one-time-use"
mechanism that SecurID offers.  All passwords WILL be sniffed.  All
KDC replies can be sniffed also.  If we can use these one-time passwords
to get Kerberos credentials, one can gain access _from anywhere_ without
comprimising anything useful to a sniffer.  Once we have Kerberos credentials,
we can let it do the authentication between hosts within our realm.

-Ken Renard

home help back first fref pref prev next nref lref last post