[2965] in Kerberos
a question about kerberos
daemon@ATHENA.MIT.EDU (Wenbo Mao)
Fri Jan 7 07:52:41 1994
From: Wenbo Mao <wenbo@comms.ee.man.ac.uk>
To: kerberos@MIT.EDU
Date: Fri, 7 Jan 1994 12:29:12 +0000 (GMT)
Cc: bcn@MIT.EDU, jtkohl@MIT.EDU, bjaspan@security.ov.com, steiner@MIT.EDU,
Dear colleagues,
I have a question about kerberos design and implementation. I have to
approach to you because I could not find an answer from internet FAQs,
newsgroup discussions, etc. I do appreciate your help.
All I need is to confirm my understanding of the following mechanism,
which I sensed from reading several papers.
1) a kerberos ticket which is encrypted by a long-lived secret key
distributes a short-lived session key
2) a ticket is good if it is accompanied by a valid authenticator
3) an authenticator is encrypted by the session key which is retrieved
from the ticket
4) the integrity of the ticket is protected by a checksum which is
retrived from the authenticator
Please could you clarify me if my understanding is wrong. Otherwise, is
this the mechanism in the newest version of kerberos? The newest internet
draft that I could get is: John Kohl and B. Clifford Neuman, "The Kerberos
Network Authentication Service (V5)", 1 Sept 1992, which expires on
28 Feb 1993. Is any newer version available. This draft led me to form
the understanding above.
Thank you very much for your help,
Kindest regards,
Wenbo
=========================================================================
Dr Wenbo Mao
Communications Research Laboratory | Tel (directline) +44 61 275 4506
Department of Electrical Engineering | Fax +44 61 275 4512
University of Manchester | Email wenbo@uk.ac.man.ee.comms
=========================================================================
