[4899] in Kerberos
Re: Proposal for a SmartCard-Kerberos Implementation
daemon@ATHENA.MIT.EDU (Kenneth D. Renard" (ACISD))
Fri Mar 31 17:40:14 1995
Date: Fri, 31 Mar 95 17:11:15 EST
From: "Kenneth D. Renard" (ACISD) <kdrenard@ARL.MIL>
To: "Donald T. Davis" <don@cam.ov.com>
Cc: John Hascall <john@iastate.edu>, kdrenard@ARL.MIL, kerberos@MIT.EDU
The objective here is to take full advantage of the "one-time-use"
mechanism that SecurID offers. All passwords WILL be sniffed. All
KDC replies can be sniffed also. If we can use these one-time passwords
to get Kerberos credentials, one can gain access _from anywhere_ without
comprimising anything useful to a sniffer. Once we have Kerberos credentials,
we can let it do the authentication between hosts within our realm.
-Ken Renard