Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.6. Are there any other free version of Kerberos available? Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos? See reader questions & answers on this topic! - Help others by sharing your knowledge The paper "The Evolution of the Kerberos Authentication System" is a very good description of the limitations of Kerberos 4 and what changes were made in Kerberos 5. This paper is available from <ftp://athena-dist.mit.edu/pub/kerberos/doc/>. However, here is a quick list of the more important changes: * The key salt algorithm has been changed to use the entire principal name. * The network protocol has been completely redone and now uses ASN.1 encoding everywhere. * There is now support for forwardable, renewable, and postdatable tickets. * Kerberos tickets can now contain multiple IP addresses and addresses for different types of networking protocols. * A generic crypto interface module is now used, so other encryption algorithms beside DES can be used. * There is now support for replay caches, so authenticators are not vulnerable to replay. * There is support for transitive cross-realm authentication. User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 1.6. Are there any other free version of Kerberos available? Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: