[641] in Kerberos
Re: release 1.0: random comments and questions
daemon@TELECOM.MIT.EDU (srz@ATHENA.MIT.EDU)
Tue Jan 31 01:28:53 1989
From: srz@ATHENA.MIT.EDU
To: aoki%faerie.Berkeley.EDU@BERKELEY.EDU
Cc: kerberos@ATHENA.MIT.EDU
0. For the moment, all inter-realm authentication depends on setting
up a shared secret between each pair of realms that want to
communicate with each other. This shared secret is set up manually
(over the telephone, written on a piece of paper, etc). Clearly this
process doesn't scale well.
A way to improve this situation is to set up a central realm that is
used to establish inter-realm authentication. Kerberos administrators
would set up a shared secret with this central realm, and then use
this secret to cross-authenticate with other realms. This could be
done statically (LCS.MIT.EDU and BERKELEY.EDU could set up a
shared-secret once using ATHENA.MIT.EDU to cross-authenticate) or
dynamically (requests between stranger realms automatically get routed
through a central realm). There are tradeoffs with these approaches.
The first way depends on some manual action on the part of Kerberos
administrators to initiate sharing, while the second way requires changing
the Kerberos protocol, and provides a single point of vulnerability for
all stranger realm authentication.
One reason this list is so quiet is that most of the Kerberos development
team are at Usenix in San Diego, as well as some potential users. In fact,
the Kerberos tutorial was scheduled for today. Things will be back to
normal next week.
-stan
