[2966] in Kerberos
a question about kerberos
daemon@ATHENA.MIT.EDU (Clifford Neuman)
Fri Jan 7 12:22:13 1994
Date: Fri, 7 Jan 94 08:55:39 PST
From: Clifford Neuman <bcn@ISI.EDU>
To: wenbo@comms.ee.man.ac.uk
Cc: kerberos@MIT.EDU

> From: Wenbo Mao <wenbo@comms.ee.man.ac.uk>
> Date: Fri, 7 Jan 1994 12:29:12 +0000 (GMT)
>
> All I need is to confirm my understanding of the following mechanism,
> which I sensed from reading several papers.
>
> 1) a kerberos ticket which is encrypted by a long-lived secret key
> distributes a short-lived session key

Correct.

> 2) a ticket is good if it is accompanied by a valid authenticator

Correct.

> 3) an authenticator is encrypted by the session key which is retrieved
> from the ticket

Correct.

> 4) the integrity of the ticket is protected by a checksum which is
> retrieved from the authenticator

No. The integrity of the ticket is protected by a checksum that is
encrypted together with the ticket by the long-lived secret key from (1).

> Please could you clarify me if my understanding is wrong. Otherwise, is
> this the mechanism in the newest version of kerberos? The newest internet
> draft that I could get is: John Kohl and B. Clifford Neuman, "The Kerberos
> Network Authentication Service (V5)", 1 Sept 1992, which expires on
> 28 Feb 1993. Is any newer version available? This draft led me to form
> the understanding above.

The current spec is RFC 1510.

Cliff
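
The four points above, as an added worked example that is not part of the original message and not taken from any Kerberos implementation. It assumes a toy stand-in cipher built from the Python standard library (not the encryption types RFC 1510 specifies); the field names, the 300-second lifetime and skew, and the principal name are constructed for illustration.

```python
import hashlib, hmac, json, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode.
    ks = b"".join(_mac(key, b"ks", nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, fields):
    # The checksum is computed first, then encrypted together with the body.
    body = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, _mac(key, b"ck", body) + body)

def unseal(key, blob):
    plain = _xor_stream(key, blob[:16], blob[16:])
    checksum, body = plain[:32], plain[32:]
    if not hmac.compare_digest(checksum, _mac(key, b"ck", body)):
        raise ValueError("checksum mismatch: wrong key or modified data")
    return json.loads(body)

def kdc_issue(service_key, client, now, lifetime=300):
    # (1) Ticket under the service's long-lived key carries a fresh session key.
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "endtime": now + lifetime,
                                "session_key": session_key.hex()})
    return ticket, session_key  # delivery of session_key to the client omitted

def client_authenticator(session_key, client, now):
    # (3) The authenticator is encrypted under the session key.
    return seal(session_key, {"client": client, "ctime": now})

def service_accept(service_key, ticket, authenticator, now, skew=300):
    t = unseal(service_key, ticket)  # (4) ticket checksum verified here
    if now > t["endtime"]:
        raise ValueError("ticket expired")
    # (2) The ticket only counts with an authenticator made with its session key.
    a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["ctime"]) > skew:
        raise ValueError("authenticator does not match ticket")
    return t["client"]

if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample values
    ticket, sk = kdc_issue(key, "alice@EXAMPLE.ORG", 1000)
    auth = client_authenticator(sk, "alice@EXAMPLE.ORG", 1001)
    print(service_accept(key, ticket, auth, 1002))
```

The service never reads anything from the authenticator to check the ticket: the ticket's checksum is inside the blob sealed under the service key, so a modified ticket is rejected before the session key is ever used.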