Yet Another useful paper
Win Treese
treese at athena.mit.edu
Sun Jan 8 17:52:19 AEST 1989
In article <920 at acer.stl.stc.co.uk> "David Wright" <dww at stl.stc.co.uk> writes:
>In article <276 at gloom.UUCP> cory at gloom.UUCP (Cory Kempf) writes:
>#In article <13022 at bellcore.bellcore.com> karn at ka9q.bellcore.com (Phil Karn) writes:
>#> The answer to that problem is a good
>#>authentication scheme that would allow you to give your password only once
>#>(when logging in to your "home" computer) which would then enable your
>#>system to authenticate you to the other systems you use regularly on the
>#>network.
>#
>#Let's see if I have this right... you are going to allow the
>#workstation that is sitting on my desk to convince another system that
>#I am me, right?
>#This workstation that will then lie for me if I ask it to? and tell
>#your system that I am you? Or just about anybody else?
>#Really?
>
>Yes, of course. Why not? Not without some help, and not with current
>standard UNIX and rsh/rlogin/etc. programs, but it is possible.
[...authentication scheme description deleted...]
See Steiner, Neuman, and Schiller, "Kerberos: An Authentication System
for Open Network Systems," USENIX, Winter 1988, Dallas, TX.
Kerberos is very similar to the scheme Mr. Wright described, and it has
been running at MIT for a few years now. More information can be obtained
by writing to info-kerberos at athena.mit.edu.
BTW, the basic scheme Kerberos uses was described in a *1978* paper by
Needham and Schroeder, which appeared in CACM.
Win Treese
Digital Equipment Corp.
Cambridge Research Lab
treese at crl.dec.com
More information about the Comp.unix.wizards
mailing list