[917] in Kerberos


Explanation of Kerberos/Hesiod

daemon@ATHENA.MIT.EDU (Henry Mensch)
Tue Apr 24 20:11:10 1990

From: Henry Mensch <henry@MIT.EDU>
To: aperez@cvbnet.prime.com  (Arturo Perez x6739)
Cc: kerberos@ATHENA.MIT.EDU
Date: Tue, 24 Apr 90 20:02:48 EDT

Arturo Perez asks:
>Does anyone out there have a one page description of what Kerberos
>and Hesiod are?

coming right up ...

first, kerberos:

Kerberos provides improved network security by providing a trustworthy
network authentication service and some routines to provide an
authorization system based on the trustworthy name of a network
client.  It is based on protocols designed by Needham & Schroeder, as
published in Communications of the ACM vol. 21 #12, December 1978.
The trust is achieved through data encryption.

It is implemented with and intended for the client/server network
model.  A client (usually running on behalf of a user) communicates
with the secured Kerberos server to obtain a datum which the client
presents to its application server.  The application server can verify
this datum and learn the name assigned to the client by the Kerberos
server; this name is usually used as a basis for an authorization
decision.

Kerberos protocol version 4 is currently in daily use at MIT and other
institutions worldwide.  It uses the Data Encryption Standard for the
encryption.  Version 5 is being implemented, and will provide more
features (such as the ability to substitute other encryption systems)
and clean up some problems with the version 4 code.  Kerberos Version
5 may be proposed as an Internet Elective Standard through the RFC
process.  Several standards organizations have studied Kerberos in
their efforts to specify various standards in the network security and
authentication arenas.

Discussions about Kerberos occur on the Usenet newsgroup
comp.protocols.kerberos and on the Internet mailing list 'kerberos'
(to be added to the mailing list, send an e-mail message with your
name and Internet e-mail address to kerberos-request@ATHENA.MIT.EDU).
Bugs in the current implementation of Kerberos may be reported by
sending e-mail to kerberos-bugs@ATHENA.MIT.EDU.

Further reading is indicated below, in refer(1) format.

%K KUsenix
%T Kerberos: An Authentication Service for Open Network Systems
%A J. G. Steiner
%A B. C. Neuman
%A J. I. Schiller
%B Usenix Conference Proceedings
%D February, 1988
%C Dallas, Texas
%P 191-202

%K ACMNeedham
%A R. M. Needham
%A M. D. Schroeder
%T Using Encryption for Authentication in Large Networks of Computers
%J Communications of the ACM
%V 21
%N 12
%P 993-999
%D December, 1978
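
The exchange described in the message above (a client obtains a datum from the Kerberos server, and the application server verifies it and learns the client's name), as an added example that is not part of the original post and is not MIT's code. Assumptions: all function names and the JSON encoding are hypothetical, a SHA-256/HMAC toy seal stands in for DES, the session key and authenticator are protocol details the message does not spell out, and the ticket-granting step is omitted.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):  # toy SHA-256 counter keystream, stand-in for DES
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt then MAC obj under key (toy: one key serves both purposes)."""
    plain, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or altered datum")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kerberos_issue(keys, client, service, now, lifetime=300):
    """Kerberos server: returns (reply for the client, datum for the service)."""
    session = os.urandom(32).hex()
    ticket = seal(keys[service], {"client": client, "service": service,
                                  "session": session, "expires": now + lifetime})
    return seal(keys[client], {"service": service, "session": session}), ticket

def client_request(client, client_key, reply, now):
    """Client: recover the session key and build a fresh authenticator."""
    session = bytes.fromhex(unseal(client_key, reply)["session"])
    return seal(session, {"client": client, "time": now})

def server_verify(service, service_key, ticket, authenticator, acl, now, skew=300):
    """Application server: the verified client name if authorized, else None."""
    try:
        t = unseal(service_key, ticket)  # only the Kerberos server could seal this
        a = unseal(bytes.fromhex(t["session"]), authenticator)
    except ValueError:
        return None
    if t["service"] != service or t["expires"] < now:
        return None
    if a["client"] != t["client"] or abs(now - a["time"]) > skew:
        return None
    return t["client"] if t["client"] in acl else None  # authorization by name
```

The application server never contacts the Kerberos server here: the key it shares with that server is what lets it trust the name inside the datum.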


