Path: utzoo!mnetor!uunet!husc6!bloom-beacon!athena.mit.edu!wesommer
From: wesommer@athena.mit.edu (William Sommerfeld)
Newsgroups: comp.dcom.lans
Subject: Re: LAN security screw-ups
Message-ID: <2034@bloom-beacon.MIT.EDU>
Date: 15 Dec 87 02:54:43 GMT
References: <1858@cup.portal.com> <17429@bu-cs.BU.EDU>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: wesommer@athena.mit.edu (William Sommerfeld)
Organization: Massachusetts Institute of Technology
Lines: 32

In article <17429@bu-cs.BU.EDU> kwe@bu-it.bu.edu (Kent England) writes:
>	Someone from Athena said that they were going to release their
>validation protocol, Kerebos, to the public.  This protocol, if
>released, will be the best thing since X windows out of Athena.

Nit 1: 'X Windows' is poor usage; the proper term for it is 'X' or
'The X Window system'.

Nit 2: The authentication system is spelled "Kerberos" (the Greek
spelling of Cerberus), after the three-headed dog guarding Hades in
Greek mythology.

Kerberos itself is only an authentication protocol; the authentication
protocol provides a way for a client of a service to prove that it
really is who it claims to be.  This is done through the use of some
simple cryptographic techniques; the end result of a successful
exchange is that both client and service have their hands on a session
key which they can use to encrypt further traffic.  Most applications
don't, but some (especially the service which provides a way for
someone to change their Kerberos password) do encrypt their
transactions, and are quite paranoid about what they find...

Kerberos is not a replacement for session encryption; it is instead a
way to distribute session keys (which, if you want to do session
encryption, you have to find a way to do).

Last I heard, the release of a beta-test version of Kerberos should
come some time in February or March.

Bill Sommerfeld
wesommer@athena.mit.edu
MIT Project Athena
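
The session-key distribution described in the post above, as an added Python sketch (not code from the post, from Project Athena, or from Kerberos itself): a key server wraps one fresh session key for the client and once more for the service, and the service accepts the client only if the client can use that key. The HMAC-based toy cipher, the "ticket" and "authenticator" message layout, the principals `alice` and `mailsvc`, and all function names are assumptions of this example, not the Kerberos wire protocol.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy construction, assumption).
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    # Toy authenticated encryption: nonce || tag || ciphertext.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    # Reject anything not sealed under this exact key before decrypting.
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Long-term secrets shared with the key server (constructed sample principals).
KEYS = {"alice": os.urandom(32), "mailsvc": os.urandom(32)}

def key_server_issue(client, service):
    # Key server picks a fresh session key and wraps it once for each party.
    sk = os.urandom(32).hex()
    ticket = seal(KEYS[service], {"client": client, "sk": sk, "exp": time.time() + 300})
    return seal(KEYS[client], {"service": service, "sk": sk}), ticket

def client_request(client_key, client, reply):
    # Only the holder of the client's long-term key can recover the session key.
    sk = bytes.fromhex(unseal(client_key, reply)["sk"])
    return sk, seal(sk, {"client": client, "ts": time.time()})

def service_accept(service_key, ticket, authenticator, skew=300):
    # Service learns the session key from the ticket, then checks the client used it.
    t = unseal(service_key, ticket)
    sk = bytes.fromhex(t["sk"])
    a = unseal(sk, authenticator)
    now = time.time()
    if a["client"] != t["client"] or t["exp"] < now or abs(now - a["ts"]) > skew:
        raise ValueError("authentication failed")
    return t["client"], sk
```

After `service_accept` returns, both sides hold the same session key and can pass it to `seal`/`unseal` for further traffic, which is the optional step the post says most applications skip.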