DataMuseum.dk, DKUUG/EUUG Conference tapes: EUUGD6, Sikkerheds distributionen (the security distribution), file ./papers/Kerberos/krb_evol.PS.Z (PostScript text, 140810 bytes, uncompressed).
The Evolution of the Kerberos Authentication Service

John T. Kohl
Digital Equipment Corporation
Project Athena
Massachusetts Institute of Technology
Cambridge, MA 02139 USA
jtkohl@mit.edu

(This paper was presented at the Spring 1991 EurOpen Conference, in Tromsø, Norway.)

ABSTRACT

The Kerberos Authentication Service, developed at MIT, has been widely adopted by other organizations to eliminate the trusted-host problem in open networks. While a step up from traditional security in networked systems, Kerberos version 4 is not sufficiently flexible for some environments. These inflexibilities and the remedies introduced with Kerberos version 5 are described.

Introduction

The Kerberos Authentication Service was originally developed at the Massachusetts Institute of Technology (MIT) for its own use to protect Project Athena's emerging network services. Versions 1 through 3 were internal development versions; protocol version 4 has achieved widespread use. However, it was designed for the envisioned use at MIT, and does not completely "fill the bill" for sites with different models of computer use and administration. Protocol version 5 incorporates new features suggested by experience with version 4 which make it useful in more situations. Version 5 was designed by Clifford Neuman of the University of Washington and the author, based in part upon input from many contributors familiar with version 4.

The first section of this paper briefly discusses the Kerberos model and basic protocol exchanges. Section 2 discusses the shortcomings of version 4. The third section reviews the new features found in version 5. Section 4 discusses the implementation of the new protocol and the compatibility support for converting existing applications from version 4 to version 5. The final section concludes with a status update and considerations of future work.

Terminology and conventions

A principal is the basic entity which participates in network authentication exchanges. A principal usually represents a user or the instantiation of a network service on a particular host. Each principal is uniquely named by its principal identifier.

Systems like the Data Encryption Standard (DES) [FIPS46] which use a single key for both encryption and decryption are referred to as secret-key cryptosystems. The keys used in such systems are called secret keys. Encryption systems like RSA [Riv78] which use different keys for encryption and decryption are referred to as public-key cryptosystems; their encryption keys are referred to as public or private depending on whether the key is widely known or known only to a single entity. Plaintext refers to an unencrypted message, while ciphertext refers to the encrypted form of the message.

In figures, encryption is denoted by showing the plaintext surrounded by curly braces ({}) followed by a key (K) whose subscript denotes the principal(s) who possess or have access to that key. Thus, "foo" encrypted under c's key is {foo}K_c.

1. The Kerberos Model

Kerberos was developed to enable network applications to securely identify their peers. To achieve this, the initiating party (the client) conducts a three-party message exchange in order to send the contacted party (the server) an assurance of the client's identity. This assurance takes the form of a ticket (shown in figures as T_c,s) which identifies the client, and an authenticator (shown in figures as A_c,s) which serves to validate the use of that ticket and prevent an intruder from replaying the same ticket to the server in a future session. A ticket is only valid for a given time interval, called its lifetime. When the interval ends, the ticket expires; any later authentication exchanges would require a new ticket.

Tickets are issued by a trusted third party, the Key Distribution Center (KDC). As suggested by the Needham and Schroeder protocol [Nee78], the KDC is trusted to hold in confidence secrets known to each client and server on the network (those secrets are established either out-of-band or through an encrypted channel). That trust forms the basis upon which clients and servers can believe the authenticity of the messages they receive.

Each installation establishes its own autonomously administered KDC. Each such installation comprises a realm. Most currently-operating sites have chosen realm names that parallel their names under the Internet domain name system (e.g. Project Athena's realm is ATHENA.MIT.EDU). Clients in separate realms can authenticate to each other if the administrators of those realms have previously arranged a shared secret.

1.1. The initial ticket exchange

Figure 1 shows graphically the messages² exchanged in an application's authentication process. Both Kerberos versions 4 and 5 share the same framework for messages (although the encoding details of the messages differ). A typical application requires a three-message exchange with each server to establish authentication on its first invocation and a single message on subsequent invocations (client caching eliminates the need for the first two messages until the ticket expires).

[Figure 1 drawing: boxes for KDC, Client and Server; arrow 1 from Client to KDC, arrow 2 from KDC to Client, arrow 3 from Client to Server.]

1. Client -> KDC: c, s
2. KDC -> Client: {K_c,s}K_c, {T_c,s}K_s
3. Client -> Server: {A_c}K_c,s, {T_c,s}K_s

(In version 4, message 2 is {K_c,s, {T_c,s}K_s}K_c)

Figure 1: Getting and using an Initial Ticket

An application client contacts the KDC to obtain a ticket and associated credentials. The KDC generates a new ticket by selecting a random encryption key K_c,s, called the session key, to include in the ticket, setting the start and expiration times in the ticket as requested, and encrypting the ticket with the server's key K_s. It assembles the ticket and session key into the response and encrypts it with the client's secret key K_c. The client decrypts the response using its key (which may be algorithmically derived from a password) and caches the ticket and associated session key for future use. It then presents the ticket and a freshly-generated authenticator to an application server formatted as a KRB_AP_REQ (application request) message.

² The figures actually show a simplified version of the messages for clarity. Other message fields are present in the actual messages, but are primarily for "bookkeeping" purposes not relevant to the present discussion.

The server can decrypt this ticket using its own secret key (which is kept in secure storage on the server's host) and verify the identity of the client. If the client desires authentication of the server, the server can send a reply to the client using the key K_c,s from the ticket, enabling the client to verify the identity of the server (only the proper server could obtain this key, as it is inside the encrypted ticket, and no intruder can gain the server's secret key). More detail on the formats of the messages used in version 4 can be found in [Ste88] and [Mil87]; detail on version 5 formats is in [Koh90].

1.2. The additional ticket exchange

In order to reduce the risk of exposure of the client's secret key K_c and make the use of Kerberos more transparent to the user, the above exchange is primarily used to obtain a ticket for a special ticket-granting server (TGS). Once this ticket-granting ticket (TGT) is obtained, the client erases the copy of the client's secret key to prevent its disclosure.

The TGS is logically distinct from the KDC which provides the initial ticket service, but runs on the KDC host and has access to the same database of clients and keys used by the KDC. A client presents its TGT (along with other request data) to the TGS as it would present it to any other application server (in a KRB_AP_REQ); the TGS verifies the ticket, authenticator and accompanying request, and replies with a new ticket for the application server. The protected part of the reply is encrypted with the session key from the TGT, so the client need not retain the original secret key K_c to decrypt and use this reply.

The client then uses these new credentials to authenticate itself to the server, and perhaps to verify the identity of the server. Once the authentication is established, the client and server share a common session key K_c,s, which has never been transmitted over the network without being encrypted. They may use this key to protect or obscure their messages. Kerberos provides message formats which an application may generate as needed with the session key to assure the integrity or both the integrity and privacy of a message.

[Figure 2 drawing: boxes for KDC and TGS (marked "usually co-located"), Client and Server; arrow 1 from Client to KDC, arrow 2 from KDC to Client, arrow 3 from Client to TGS, arrow 4 from TGS to Client, arrow 5 from Client to Server.]

1. Client -> KDC: c, tgs
2. KDC -> Client: {K_c,tgs}K_c, {T_c,tgs}K_tgs
3. Client -> TGS: {A_c}K_c,tgs, {T_c,tgs}K_tgs, s
4. TGS -> Client: {K_c,s}K_c,tgs, {T_c,s}K_s
5. Client -> Server: {A_c}K_c,s, {T_c,s}K_s

(In version 4, message 2 is {K_c,tgs, {T_c,tgs}K_tgs}K_c, and message 4 is {K_c,s, {T_c,s}K_s}K_c,tgs)

Figure 2: Getting a service ticket

2. Why change it? Version 4 limitations

Although Kerberos version 4 is in widespread use, it is not sufficiently flexible to meet the needs of some sites. As a result, work on Kerberos version 5 commenced in 1989, fueled by discussions with version 4 users and administrators about their experiences with the protocol and MIT's implementation.

2.1. Environmental shortcomings

Since Kerberos version 4 was targeted primarily for the Project Athena environment (described in [Tre88]), it has several features which can be troublesome in other environments:

Encryption system dependence: The version 4 protocol uses only the Data Encryption Standard (DES) to encrypt messages. The export of DES from the USA is restricted by the U.S. Government, making truly widespread use of version 4 difficult.

Internet protocol dependence: Version 4 requires the use of Internet Protocol (IP) addresses, which makes it unsuitable for some environments.

Message byte ordering: Version 4 uses a "receiver makes right" philosophy for encoding multi-byte values in network messages, where the sending host encodes the value in its
2016(own)X 755 768(natural)N 1078(byte)X 1281(order)X 1524(and)X 1707(the)X 1871(receiver)X 755 864(must)N 991(convert)X 1314(this)X 1504(byte)X 1710(order)X 1956(to)X 2074(its)X 755 960(own)N 944(native)X 1214(order.)X 1494(While)X 1748(this)X 1927(makes)X 755 1056(communication)N 1392(between)X 1769(two)X 1973(hosts)X 755 1152(with)N 965(the)X 1128(same)X 1363(byte)X 1563(order)X 1803(simple,)X 2111(it)X 755 1248(does)N 970(not)X 1142(follow)X 1413(established)X 1883(conven-)X 755 1344(tions)N 969(and)X 1140(will)X 1309(preclude)X 1659(interoperabil-)X 755 1440(ity)N 887(if)X 972(some)X 1193(machine)X 1540(with)X 1740(an)X 1865(unusual)X 755 1536(byte)N 976(order)X 1237(not)X 1420(understood)X 1897(by)X 2047(the)X 755 1632(receiver)N 1073(is)X 1157(used.)X 3 f 555 1756(Ticket)N 849(lifetimes:)X 1 f 1262(The)X 1433(valid)X 1644(life)X 1789(of)X 1884(a)X 1956(ticket)X 755 1852(in)N 872(version)X 1185(4)X 1272(is)X 1377(encoded)X 1716(by)X 1845(a)X 9 s 1929(UNIX)X 10 s 2127(\262)X 755 1948(timestamp)N 1204(issue)X 1445(date)X 1659(and)X 1851(an)X 1996(8-bit)X 755 2044(lifetime)N 1109(quantity)X 1495(in)X 1639(units)X 1899(of)X 2035(\256ve)X 755 2140(minutes,)N 1103(resulting)X 1462(in)X 1559(a)X 1626(maximum)X 2023(life-)X 755 2236(time)N 974(of)X 1093(21)X 1181 MX (14)129 833 oc 1300(hours.)X 1606(Some)X 1858(environ-)X 755 2332(ments)N 1048(require)X 1382(longer)X 1679(lifetimes)X 2064(for)X 755 2428(proper)N 1033(operation)X 1418(\(e.g.)X 1606(a)X 1683(long-running)X 755 2524(simulation)N 1186(which)X 1442(requires)X 1784(valid)X 2002(Ker-)X 755 2620(beros)N 1013(credentials)X 1483(during)X 1792(its)X 1946(entire)X 755 2716(execution\).)N 3 f 555 2840(Authentication)N 1239(forwarding:)X 1 f 1785(Version)X 2123(4)X 755 2936(has)N 918(no)X 1040(provision)X 1413(for)X 1548(allowing)X 1893(creden-)X 755 3032(tials)N 949(issued)X 1214(to)X 1316(a)X 1391(client)X 1628(on)X 1748(one)X 1908(host)X 2096(to)X 755 3128(be)N 873(forwarded)X 1284(to)X 1388(some)X 1609(other)X 
1838(host)X 2028(and)X 755 3224(used)N 962(by)X 1084(another)X 1408(client.)X 1693(This)X 1891(may)X 2083(be)X 755 3320(useful)N 1059(if)X 1187(an)X 1356(intermediate)X 1910(service)X 755 3416(needs)N 1013(to)X 1130(access)X 1406(some)X 1640(resource)X 2000(with)X 755 3512(the)N 917(rights)X 1180(of)X 1289(the)X 1451(client)X 1699(\(e.g.)X 1895(a)X 1980(print)X 755 3608(service)N 1038(needs)X 1275(access)X 1530(to)X 1626(the)X 1771(\256le)X 1910(service)X 755 3704(to)N 856(retrieve)X 1177(a)X 1251(client's)X 1539(\256le)X 1682(for)X 1814(printing\),)X 755 3800(or)N 863(if)X 947(a)X 1023(user)X 1217(logs)X 1394(into)X 1570(another)X 1890(host)X 2078(on)X 755 3896(the)N 929(network)X 1289(and)X 1482(wishes)X 1786(to)X 1910(pursue)X 755 3992(activities)N 1150(there)X 1404(with)X 1629(the)X 1807(privileges)X 755 4088(and)N 946(authentication)X 1540(she)X 1717(had)X 1907(on)X 2047(the)X 755 4184(originating)N 1187(host.)X 3 f 555 4308(Principal)N 992(naming:)X 1 f 1374(In)X 1499(version)X 1813(4,)X 1923(princi-)X 755 4404(pals)N 978(are)X 1169(named)X 1490(with)X 1727(three)X 1993(com-)X 755 4500(ponents:)N 1110(name,)X 1377(instance,)X 1750(and)X 1929(realm,)X 755 4596(each)N 948(of)X 1039(which)X 1284(may)X 1465(be)X 1572(up)X 1690(to)X 1784(39)X 1895(charac-)X 755 4692(ters)N 941(long.)X 1183(These)X 1443(sizes)X 1661(are)X 1822(too)X 1974(short)X 755 4788(for)N 886(some)X 1101(applications)X 1576(and)X 1742(installation)X 755 4884(environments.)N 1370(In)X 1512(addition,)X 1901(due)X 2096(to)X 755 4980(implementation-imposed)N 1728(conventions)X 755 5076(the)N 912(normal)X 1214(character)X 1602(set)X 1746(allowed)X 2064(for)X 755 5172(the)N 906(name)X 1141(portion)X 1438(excludes)X 1784(the)X 1934(period)X 755 5268(\(.\),)N 878(which)X 1124(is)X 1210(used)X 1406(in)X 1504(account)X 1813(names)X 2078(on)X 755 5364(some)N 991(systems.)X 1378(These)X 1644(same)X 1883(conven-)X 755 5460(tions)N 980(dictate)X 1276(that)X 1474(the)X 1636(account)X 1963(name)X 755 
5556(match)N 1067(the)X 1268(name)X 1553(portion)X 1900(of)X 2047(the)X 8 s 10 f 555 5636(hhhhhhhhhhhhhhhhhh)N 1 f 555 5716(\262)N 605(UNIX)X 798(is)X 866(a)X 920(Trademark)X 1273(of)X 1344(Bell)X 1480(Laboratories.)X 10 s 2599 672(principal)N 2989(identi\256er,)X 3409(which)X 3687(is)X 3806(unac-)X 2599 768(ceptable)N 2931(in)X 3031(situations)X 3424(where)X 3676(Kerberos)X 2599 864(is)N 2698(being)X 2936(installed)X 3295(in)X 3406(an)X 3535(existing)X 3864(net-)X 2599 960(work)N 2807(with)X 2996(non-unique)X 3439(account)X 3746(names.)X 3 f 2399 1084(Inter-realm)N 2935(authentication:)X 1 f 3629(Version)X 3967(4)X 2599 1180(provides)N 2938(cooperation)X 3391(between)X 3722(authen-)X 2599 1276(tication)N 2912(realms)X 3197(by)X 3316(allowing)X 3660(each)X 3860(pair)X 2599 1372(of)N 2697(cooperating)X 3158(realms)X 3442(to)X 3544(exchange)X 3918(an)X 2599 1468(encryption)N 3024(key)X 3185(to)X 3285(be)X 3398(used)X 3599(as)X 3709(a)X 3782(secon-)X 2599 1564(dary)N 2807(key)X 2976(for)X 3117(the)X 3275(ticket-granting)X 3871(ser-)X 2599 1660(vice.)N 2829(A)X 2928(client)X 3175(can)X 3345(obtain)X 3619(tickets)X 3908(for)X 2599 1756(services)N 2917(from)X 3115(a)X 3183(foreign)X 3467(realm's)X 8 s 3755(KDC)X 10 s 3924(by)X 2599 1852(\256rst)N 2776(obtaining)X 3150(a)X 3218(ticket-granting)X 3800(ticket)X 2599 1948(for)N 2748(the)X 2914(foreign)X 3220(realm)X 3482(from)X 3702(its)X 3841(local)X 8 s 2599 2044(KDC)N 10 s 2769(and)X 2932(then)X 3125(using)X 3351(that)X 8 s 3525(TGT)X 10 s 3684(to)X 3778(obtain)X 2599 2140(tickets)N 2915(for)X 3086(the)X 3273(foreign)X 3600(application)X 2599 2236(server)N 2865(\(see)X 3043(Figure)X 3323(3\).)X 3472(This)X 3669(pair-wise)X 2599 2332(key)N 2821(exchange)X 3256(makes)X 3587(inter-realm)X 2599 2428(ticket)N 2852(requests)X 3208(and)X 3388(veri\256cation)X 3847(easy)X 2599 2524(to)N 2697(implement,)X 3144(but)X 3295(requires)X 2 f 3629(O)X 1 f 3704(\()X 2 f 3731(n)X 1 f 7 s 3789 2492(2)N 10 s 3827 2524(\))N 3880(key)X 2599 
2620(exchanges)N 3029(to)X 3149(interconnect)X 2 f 3660(n)X 1 f 3758(realms)X 2599 2716(\(see)N 2775(Figure)X 3053(4\).)X 3200(Even)X 3421(with)X 3619(only)X 3807(a)X 3882(few)X 2599 2812(cooperating)N 3083(realms,)X 3412(the)X 3585(assignment)X 2599 2908(and)N 2783(management)X 3310(of)X 3422(the)X 3587(inter-realm)X 2599 3004(keys)N 2789(is)X 2873(an)X 2988(expansive)X 3377(task.)X 3 f 2399 3196(2.2.)N 2579(Technical)X 3010(de\256ciencies)X 1 f 2399 3320(In)N 2507(addition)X 2839(to)X 2936(the)X 3082(environmental)X 3650(problems,)X 2399 3416(there)N 2651(are)X 2826(some)X 3069(technical)X 3459(de\256ciencies)X 3937(in)X 2399 3512(version)N 2708(4)X 2791(and)X 2968(its)X 3099(implementation.)X 3746([Bel90])X 2399 3608(provides)N 2740(detailed)X 3065(analyses)X 3411(of)X 3505(some)X 3720(of)X 3814(these)X 2399 3704(problems.)N 3 f 2399 3828(Double)N 2730(Encryption:)X 1 f 3258(As)X 3387(shown)X 3658(in)X 3765(Figure)X 2599 3924(1,)N 2705(the)X 2865(ticket)X 3116(issued)X 3390(by)X 3517(the)X 3676(Kerberos)X 2599 4020(server)N 2860(in)X 2962(version)X 3260(4)X 3332(is)X 3422(encrypted)X 3817(twice)X 2599 4116(when)N 2830(being)X 3061(transmitted)X 3532(to)X 3633(the)X 3783(client,)X 2599 4212(and)N 2766(only)X 2950(once)X 3142(when)X 3369(sent)X 3553(to)X 3651(the)X 3798(appli-)X 2599 4308(cation)N 2874(server.)X 3200(There)X 3467(is)X 3578(no)X 3716(need)X 3940(to)X 2599 4404(encrypt)N 2926(it)X 3028(in)X 3148(the)X 3314(message)X 3672(from)X 3891(the)X 8 s 2599 4500(KDC)N 10 s 2772(to)X 2870(the)X 3017(client,)X 3272(and)X 3438(doing)X 3668(so)X 3772(can)X 3927(be)X 2599 4596(wasteful)N 2943(of)X 3039(processing)X 3457(time)X 3653(if)X 3734(encryp-)X 2599 4692(tion)N 2784(is)X 2886(computationally)X 3525(intensive)X 3903(\(as)X 2599 4788(will)N 2784(be)X 2916(the)X 3084(case)X 3289(for)X 3440(most)X 3667(software-)X 2599 4884(based)N 2890(encryption)X 3365(implementations;)X 2599 4980(see)N 2779([Mer90])X 3135(for)X 3300(discussion)X 3743(of)X 3872(fast)X 2599 
5076(software-based)N 3176(encryption)X 3593(methods\).)X 3 f 2399 5200(PCBC)N 2706(encryption:)X 1 f 3244(Kerberos)X 3638(version)X 3967(4)X 2599 5296(uses)N 2833(a)X 2947(modi\256ed)X 3334(mode)X 3601(of)X 8 s 3734(DES)X 10 s 3940(to)X 2599 5392(encrypt)N 2993(its)X 3198(messages.)X 3681([FIPS81])X 2599 5488(describes)N 3009(the)X 3198(normal)X 3532(cipher-block-)X 2599 5584(chaining)N 2941(\()X 8 s 2968(CBC)X 10 s 3106(\))X 3155(mode)X 3374(of)X 8 s 3459(DES)X 10 s 3595(.)X 5 p %%Page: 5 5 10 s 0 xH 0 xS 1 f 0 32(--)N 4323(--)X 2212 416(-)N 2261(5)X 2327(-)X 1677 808(TGS)N 8 s 1842 833(local)N 10 s 1611 792 MXY 432 238 De 2553 808(TGS)N 8 s 2718 833(remote)N 10 s 2522 792 MXY 432 238 De 1713 1288(Client)N 1611 1272 MXY 432 238 De 2513 1288(Server)N 8 s 2758 1313(remote)N 10 s 2522 1272 MXY 432 238 De 3 f 1584 1048(1)N 1 f 10 f 1674 1167(c)N 1097(c)Y 1017(c)Y 937(c)Y 1686 925 MXY -12 -48 Dl 1662 925 MXY 12 -48 Dl 3 f 1871 1048(2)N 1 f 1827 912 MXY 0 240 Dl 1815 1104 MXY 12 48 Dl 1839 1104 MXY -12 48 Dl 3 f 2161 1005(3)N 1 f 1979 1187 MXY 543 -395 Dl 2491 830 MXY 31 -38 Dl 2476 810 MXY 46 -18 Dl 3 f 2358 1090(4)N 1 f 2586 877 MXY -543 395 Dl 2074 1234 MXY -31 38 Dl 2089 1253 MXY -46 19 Dl 3 f 2259 1324(5)N 1 f 10 f 1979 1356(h)N 1986(hhhhhhhhhhhhhhh)X 2538 1368 MXY 48 -12 Dl 2538 1344 MXY 48 12 Dl 3 f 1199 1592(1.)N 1 f 1289(Client)X 9 f 1539 MX (->)174 987 oc 1 f 1640(TGS)X 8 s 1805 1617(local)N 10 s 1941 1592(:)N 1985({A)X 8 s 2070 1617(c)N 10 s 2098 1592(}K)N 8 s 2187 1617(c,tgs)N 10 s 2344 1592(,{T)N 8 s 2446 1617(c,tgs)N 10 s 2581 1592(}K)N 8 s 2670 1617(tgs)N 10 s 2781 1592(,)N 2825(tgs)X 8 s 2936 1617(rem)N 3 f 10 s 1199 1704(2.)N 1 f 1289(TGS)X 8 s 1454 1729(local)N 10 s 9 f 1612 1704 MXY (->)174 987 oc 1 f 1713(Client:)X 1985({K)X 8 s 2074 1729(c,tgs)N 6 s 2209 1748(rem)N 10 s 1704(}K)Y 8 s 2386 1729(c,tgs)N 10 s 2543 1704(,{T)N 8 s 2645 1729(c,tgs)N 6 s 2780 1748(rem)N 10 s 1704(}K)Y 8 s 2957 1729(tgs)N 6 s 3046 1748(rem)N 3 f 10 s 1199 1816(3.)N 1 f 
1289(Client)X 9 f 1539 MX (->)174 987 oc 1 f 1640(TGS)X 8 s 1805 1841(remote)N 10 s 2011 1816(:)N 2055({A)X 8 s 2140 1841(c)N 10 s 2168 1816(}K)N 8 s 2257 1841(c,tgs)N 6 s 2392 1860(rem)N 10 s 2502 1816(,{T)N 8 s 2604 1841(c,tgs)N 6 s 2739 1860(rem)N 10 s 1816(}K)Y 8 s 2916 1841(tgs)N 6 s 3005 1860(rem)N 10 s 1816(,)Y 3137(s)X 8 s 3174 1841(rem)N 3 f 10 s 1199 1928(4.)N 1 f 1289(TGS)X 8 s 1454 1953(remote)N 10 s 9 f 1682 1928 MXY (->)174 987 oc 1 f 1783(Client:)X 2055({K)X 8 s 2144 1953(c,s)N 6 s 2220 1972(rem)N 10 s 1928(}K)Y 8 s 2397 1953(c,tgs)N 6 s 2532 1972(rem)N 10 s 2642 1928(,{T)N 8 s 2744 1953(c,s)N 6 s 2820 1972(rem)N 10 s 1928(}K)Y 8 s 2997 1953(s)N 6 s 3027 1972(rem)N 3 f 10 s 1199 2040(5.)N 1 f 1289(Client)X 9 f 1539 MX (->)174 987 oc 1 f 1640(Server)X 8 s 1885 2065(remote)N 10 s 2091 2040(:)N 2157({A)X 8 s 2242 2065(c)N 10 s 2270 2040(}K)N 8 s 2359 2065(c,s)N 6 s 2435 2084(rem)N 10 s 2545 2040(,{T)N 8 s 2647 2065(c,s)N 6 s 2723 2084(rem)N 10 s 2040(}K)Y 8 s 2900 2065(s)N 6 s 2930 2084(rem)N 10 s 1199 2248(\(In)N 1329(version)X 1621(4,)X 1709(message)X 3 f 2043(2)X 1 f 2111(is)X 2195({K)X 8 s 2284 2273(c,tgs)N 6 s 2419 2292(rem)N 10 s 2529 2248(,{T)N 8 s 2631 2273(c,tgs)N 6 s 2766 2292(rem)N 10 s 2248(}K)Y 8 s 2943 2273(tgs)N 6 s 3032 2292(rem)N 10 s 2248(}K)Y 8 s 3209 2273(c,tgs)N 10 s 3344 2248(,)N 1199 2360(and)N 1360(message)X 3 f 1694(4)X 1 f 1762(is)X 1846({K)X 8 s 1935 2385(c,s)N 6 s 2011 2404(rem)N 10 s 2121 2360(,{T)N 8 s 2223 2385(c,s)N 6 s 2299 2404(rem)N 10 s 2360(}K)Y 8 s 2476 2385(s)N 6 s 2506 2404(rem)N 10 s 2360(}K)Y 8 s 2683 2385(c,tgs)N 6 s 2818 2404(rem)N 10 s 2360(\))Y 3 f 1411 2520(Figure)N 1713(3:)X 2 f 1803(Getting)X 2098(a)X 2166(foreign)X 2446(realm)X 2684 0.5625(service)AX 2955(ticket)X 1 f 1855 3596(EDU)N 1707 3652 MXY 0 -144 Dl 10 f (hhhhhhhhhhhh)S 0 144 Dl 1707(hhhhhhhhhhhh)X 1 f 2579 3116(MIT.EDU)N 2523 3172 MXY 0 -144 Dl 10 f (hhhhhhhhhhhh)S 0 144 Dl 2523(hhhhhhhhhhhh)X 1 f 2399 3596(Berkeley.EDU)N 2379 3652 MXY 0 -144 Dl 
10 f (h)S 2395(hhhhhhhhhhhhhh)X 0 144 Dl 2379(h)X 2395(hhhhhhhhhhhhhh)X 1 f 1599 3116(UMICH.EDU)N 1563 3172 MXY 0 -144 Dl 10 f (h)S 1579(hhhhhhhhhhhhhh)X 0 144 Dl 1563(h)X 1579(hhhhhhhhhhhhhh)X 1 f 2048 2828(IFS.UMICH.EDU)N 2019 2884 MXY 0 -144 Dl 10 f (hhhhhhhhhhhhhhhhhh)S 0 144 Dl 2019(hhhhhhhhhhhhhhhhhh)X 2235 3496 MXY -48 12 Dl 2235 3520 MXY -48 -12 Dl 192 0 Dl 2331 3520 MXY 48 -12 Dl 2331 3496 MXY 48 12 Dl 2156 3468 MXY -29 40 Dl 2171 3486 MXY -44 22 Dl 396 -336 Dl 2494 3212 MXY 29 -40 Dl 2479 3194 MXY 44 -22 Dl 2073 3459 MXY -6 49 Dl 2095 3468 MXY -28 40 Dl 240 -624 Dl 2301 2933 MXY 6 -49 Dl 2279 2924 MXY 28 -40 Dl 1922 3465 MXY 25 43 Dl 1945 3459 MXY 2 49 Dl -96 -336 Dl 1876 3215 MXY -25 -43 Dl 1853 3221 MXY -2 -49 Dl 2669 3459 MXY -2 49 Dl 2692 3465 MXY -25 43 Dl 96 -336 Dl 2761 3221 MXY 2 -49 Dl 2738 3215 MXY 25 -43 Dl 2501 3464 MXY 22 44 Dl 2524 3459 MXY -1 49 Dl -144 -624 Dl 2401 2928 MXY -22 -44 Dl 2378 2933 MXY 1 -49 Dl 2410 3481 MXY 41 27 Dl 2427 3465 MXY 24 43 Dl -312 -336 Dl 2180 3199 MXY -41 -27 Dl 2163 3215 MXY -24 -43 Dl 2743 2983 MXY 20 45 Dl 2767 2979 MXY -4 49 Dl -24 -144 Dl 2759 2929 MXY -20 -45 Dl 2735 2933 MXY 4 -49 Dl 2475 3112 MXY 48 -12 Dl 2475 3088 MXY 48 12 Dl 2139(h)X 2163(hhhhhhhhh)X 2187 3088 MXY -48 12 Dl 2187 3112 MXY -48 -12 Dl 1990 2924 MXY 29 -40 Dl 1975 2906 MXY 44 -22 Dl -168 144 Dl 1880 2988 MXY -29 40 Dl 1895 3006 MXY -44 22 Dl 3 f 1483 3805(Figure)N 1785(4:)X 2 f 1875(Version)X 2177(4)X 2243(realm)X 2481 0.2583(interconnections)AX 1 f 555 3997(Kerberos)N 942(version)X 1264(4)X 1360(uses)X 1574(a)X 1669(non-standard)X 555 4093(modi\256ed)N 911(version)X 1220(called)X 1475(plain-)X 1730(and)X 1908(cipher-)X 555 4189(block-chaining)N 1154(mode)X 1410(\()X 8 s 1437(PCBC)X 10 s 1618(\).)X 1748(This)X 1970(mode)X 555 4285(was)N 728(an)X 850(attempt)X 1173(to)X 1273(provide)X 1578(data)X 1772(encryption)X 555 4381(and)N 734(integrity)X 1097(protection)X 1511(in)X 1625(one)X 1794(operation.)X 555 4477(Unfortunately,)N 1191(it)X 
1332(is)X 1478(\257awed)X 1803(since)X 2074(an)X 555 4573(intruder)N 896(can)X 1054(modify)X 1335(a)X 1408(message)X 1749(with)X 1945(a)X 2017(spe-)X 555 4669(cial)N 731(block-exchange)X 1341(attack)X 1620(and)X 1804(have)X 2025(this)X 555 4765(modi\256cation)N 1057(pass)X 1267(undetected)X 1721(to)X 1838(the)X 2003(reci-)X 555 4861(pient)N 768([Koh89].)X 3 f 555 4985(Authenticators)N 1232(and)X 1438(replay)X 1754(detection:)X 1 f 755 5081(Kerberos)N 1118(version)X 1416(4)X 1488(uses)X 1679(an)X 1800(encrypted)X 755 5177(timestamp)N 1175(method)X 1476(to)X 1571(verify)X 1808(the)X 1951(fresh-)X 755 5273(ness)N 982(of)X 1112(messages)X 1524(and)X 1726(prevent)X 2074(an)X 755 5369(intruder)N 1127(from)X 1360(staging)X 1691(a)X 1794(successful)X 755 5465(replay)N 1050(attack.)X 1389(If)X 1509(an)X 1662(authenticator)X 755 5561(\(which)N 1029(contains)X 1366(the)X 1512(timestamp\))X 1960(is)X 2047(out)X 755 5657(of)N 847(date)X 1033(or)X 1133(is)X 1219(being)X 1444(replayed,)X 1810(the)X 1954(appli-)X 755 5753(cation)N 1022(server)X 1296(rejects)X 1581(the)X 1742(authentica-)X 755 5849(tion.)N 982(However,)X 1370(maintaining)X 1863(a)X 1945(list)X 2100(of)X 2599 3997(unexpired)N 3006(authenticators)X 3581(which)X 3835(have)X 2599 4093(already)N 2922(been)X 3140(presented)X 3550(to)X 3666(a)X 3754(service)X 2599 4189(can)N 2777(be)X 2910(hard)X 3134(to)X 3253(implement)X 3699(properly)X 2599 4285(\(and)N 2789(indeed)X 3059(is)X 3144(not)X 3287(implemented)X 3794(in)X 3891(the)X 2599 4381(version)N 2909(4)X 2993(implementation)X 8 s 3616(MIT)X 10 s 3784(distri-)X 2599 4477(butes\).)N 3 f 2399 4601(Password)N 2847(attacks:)X 1 f 3215(The)X 3400(initial)X 3667(exchange)X 2599 4697(with)N 2790(the)X 2934(Kerberos)X 3293(server)X 3549(encrypts)X 3891(the)X 2599 4793(response)N 2973(with)X 3189(a)X 3282(client's)X 3590(secret)X 3858(key,)X 2599 4889(which)N 2861(in)X 2976(the)X 3137(case)X 3335(of)X 3443(a)X 3528(user)X 3730(is)X 3832(algo-)X 2599 4985(rithmically)N 
3044(derived)X 3355(from)X 3563(a)X 3641(password.)X 2599 5081(An)N 2770(intruder)X 3146(is)X 3271(able)X 3487(to)X 3621(record)X 3918(an)X 2599 5177(exchange)N 2997(of)X 3118(this)X 3313(sort)X 3510(and,)X 3724(without)X 2599 5273(alerting)N 2942(any)X 3128(system)X 3437(administrators,)X 2599 5369(attempt)N 2937(to)X 3052(discover)X 3399(the)X 3562(user's)X 3820(pass-)X 2599 5465(word)N 2810(by)X 2924(decrypting)X 3346(the)X 3493(response)X 3844(with)X 2599 5561(each)N 2850(password)X 3279(guess.)X 3610(Since)X 3891(the)X 2599 5657(response)N 2981(from)X 3212(the)X 3388(Kerberos)X 3779(server)X 2599 5753(includes)N 2938(plaintext)X 3304(she)X 3462(can)X 3623(verify,)X 3891(the)X 2599 5849(intruder)N 2949(can)X 3116(try)X 3264(as)X 3382(many)X 3626(passwords)X 6 p %%Page: 6 6 10 s 0 xH 0 xS 1 f 0 32(--)N 4323(--)X 2212 416(-)N 2261(6)X 2327(-)X 755 672(as)N 889(she)X 1068(has)X 1251(available,)X 1660(and)X 1852(she)X 2030(will)X 755 768(know)N 1006(when)X 1258(she's)X 1489(found)X 1752(the)X 1923(proper)X 755 864(password,)N 1249(since)X 1560(the)X 1803(decrypted)X 755 960(response)N 1102(will)X 1261(make)X 1486(sense)X 1711([Lom89].)X 3 f 555 1084(Session)N 910(keys:)X 1 f 1162(Each)X 1391(ticket)X 1644(issued)X 1919(by)X 2047(the)X 8 s 755 1180(KDC)N 10 s 949(contains)X 1308(a)X 1400(key)X 1578(speci\256c)X 1894(to)X 2012(that)X 755 1276(ticket,)N 1044(called)X 1316(a)X 1416(session)X 1737(key,)X 1946(which)X 755 1372(may)N 944(be)X 1059(used)X 1262(by)X 1380(the)X 1530(client)X 1766(and)X 1935(server)X 755 1468(to)N 859(protect)X 1152(their)X 1366(communications)X 2002(once)X 755 1564(authentication)N 1340(has)X 1512(been)X 1727(established.)X 755 1660(However,)N 1156(since)X 1394(many)X 1652(clients)X 1946(use)X 2123(a)X 755 1756(ticket)N 1002(multiple)X 1350(times)X 1590(during)X 1873(a)X 1952(user's)X 755 1852(session,)N 1099(it)X 1211(may)X 1425(be)X 1565(possible)X 1915(for)X 2074(an)X 755 1948(intruder)N 1113(to)X 1230(replay)X 1510(messages)X 1904(from)X 
2123(a)X 755 2044(previous)N 1149(connection)X 1622(to)X 1771(clients)X 2091(or)X 755 2140(servers)N 1053(which)X 1303(do)X 1418(not)X 1567(properly)X 1907(protect)X 755 2236(themselves)N 1232(\(again,)X 8 s 1545(MIT)X 10 s 1674('s)X 1790(version)X 2123(4)X 755 2332(implementation)N 1419(does)X 1659(not)X 1855(properly)X 755 2428(implement)N 1222(this)X 1433(protection)X 1876(for)X 2047(the)X 8 s 755 2524(KRB_SAFE)N 10 s 1169(and)X 8 s 1369(KRB_PRIV)X 10 s 1769(messages\).)X 755 2620(Additionally,)N 1278(there)X 1518(are)X 1682(situations)X 2093(in)X 755 2716(which)N 1009(a)X 1086(client)X 1325(wishes)X 1608(to)X 1712(share)X 1950(a)X 2026(ses-)X 755 2812(sion)N 951(key)X 1126(with)X 1337(several)X 1646(servers.)X 2003(This)X 755 2908(requires)N 1109(special)X 1409(non-standard)X 1954(appli-)X 755 3004(cation)N 1002(negotiations)X 1478(in)X 1574(version)X 1866(4.)X 3 f 555 3128(Cryptographic)N 1221(checksum:)X 1 f 1712(The)X 1908(crypto-)X 755 3224(graphic)N 1056(checksum)X 1444(\(sometimes)X 1885(called)X 2123(a)X 755 3320(message)N 1102(authentication)X 1680(code)X 1877(or)X 1988(hash)X 755 3416(or)N 854(digest)X 1099(function\))X 1455(used)X 1650(in)X 1747(version)X 2039(4)X 2105(is)X 755 3512(based)N 1035(on)X 1192(the)X 1380(quadratic)X 1803(algorithm)X 755 3608(described)N 1139(in)X 1247([Jue85].)X 1600(The)X 8 s 1771(MIT)X 10 s 1933(imple-)X 755 3704(mentation)N 1160(does)X 1348(not)X 1493(perform)X 1813(this)X 1979(func-)X 755 3800(tion)N 950(as)X 1081(described;)X 1503(the)X 1672(suitability)X 2100(of)X 755 3896(the)N 940(modi\256ed)X 1321(version)X 1655(as)X 1800(a)X 1908(crypto-)X 755 3992(graphic)N 1091(checksum)X 1514(function)X 1876(is)X 1994(unk-)X 755 4088(nown.)N 3 f 555 4280(3.)N 686(Remedies)X 1130(and)X 1328(changes)X 1706(introduced)X 555 4376(with)N 767(version)X 1100(5)X 1 f 555 4500(Version)N 864(5)X 932(of)X 1022(the)X 1165(protocol)X 1482(has)X 1635(slowly)X 1890(evolved)X 555 4596(over)N 758(the)X 922(past)X 1124(two)X 1301(years)X 
1545(based)X 1800(on)X 1933(imple-)X 555 4692(mentation)N 1029(experience)X 1517(and)X 1749(discussions)X 555 4788(within)N 829(the)X 982(community)X 1430(of)X 1530(Kerberos)X 1897(version)X 555 4884(4)N 632(users.)X 907(Its)X 1039(\256nal)X 1238(form)X 1444(is)X 1538(now)X 1721(nearing)X 2039(clo-)X 555 4980(sure,)N 764(and)X 927(a)X 995(draft)X 1203(description)X 1638(of)X 1729(the)X 1873(protocol)X 555 5076(is)N 648(available)X 1012([Koh90].)X 1379(It)X 1472(addresses)X 1865(the)X 2015(con-)X 555 5172(cerns)N 791(above)X 1040(and)X 1217(provides)X 1567(additional)X 1979(func-)X 555 5268(tionality.)N 3 f 555 5460(3.1.)N 735(Changes)X 1113(between)X 1485(versions)X 1858(4)X 1926(and)X 2105(5)X 2399 672(Use)N 2574(of)X 2676(encryption)X 1 f 2399 796(To)N 2520(modularise)X 2961(the)X 3108(system)X 3394(and)X 3560(ease)X 3748(export-)X 2399 892(regulation)N 2809(considerations)X 3371(for)X 3501(version)X 3798(5,)X 3891(the)X 2399 988(use)N 2554(of)X 2650(encryption)X 3074(is)X 3165(separated)X 3558(into)X 3731(distinct)X 2399 1084(software)N 2744(modules)X 3080(which)X 3328(can)X 3484(be)X 3595(replaced)X 3935(or)X 2399 1180(removed)N 2768(by)X 2908(the)X 3080(programmer)X 3595(as)X 3728(needed.)X 2399 1276(When)N 2641(encryption)X 3062(is)X 3150(used)X 3348(in)X 3448(a)X 3517(protocol)X 3836(mes-)X 2399 1372(sage,)N 2621(the)X 2777(ciphertext)X 3190(is)X 3288(tagged)X 3570(with)X 3772(a)X 3851(type)X 2399 1468(identi\256er)N 2770(so)X 2877(that)X 3061(the)X 3210(recipient)X 3567(can)X 3725(identify)X 2399 1564(the)N 2620(appropriate)X 3155(decryption)X 3647(algorithm)X 2399 1660(necessary)N 2783(to)X 2876(interpret)X 3232(the)X 3374(message.)X 2399 1784(Each)N 2633(encryption)X 3074(algorithm)X 3484(is)X 3592(responsible)X 2399 1880(for)N 2531(providing)X 2913(suf\256cient)X 3285(integrity)X 3637(protection)X 2399 1976(for)N 2542(the)X 2702(plaintext)X 3076(so)X 3193(that)X 3388(the)X 3547(receiver)X 3882(can)X 2399 2072(verify)N 2650(that)X 2842(the)X 
2999(ciphertext)X 3413(was)X 3593(not)X 3749(altered)X 2399 2168(in)N 2508(transit.)X 2839(If)X 2932(the)X 3086(algorithm)X 3484(does)X 3681(not)X 3835(have)X 2399 2264(such)N 2616(properties,)X 3061(it)X 3163(can)X 3337(be)X 3466(augmented)X 3924(by)X 2399 2360(including)N 2812(a)X 2922(checksum)X 3353(in)X 3492(the)X 3677(plaintext)X 2399 2456(before)N 2668(encryption.)X 3148(By)X 3290(doing)X 3534(this,)X 3739(we)X 3882(can)X 2399 2552(discard)N 2696(the)X 2843(\257awed)X 8 s 3107(PCBC)X 3311(DES)X 10 s 3474(mode,)X 3720(and)X 3885(use)X 2399 2648(the)N 2552(standard)X 8 s 2914(CBC)X 10 s 3085(mode)X 3314(with)X 3513(an)X 3638(embedded)X 2399 2744(checksum)N 2787(over)X 2968(the)X 3110(plaintext.)X 2399 2868(Encryption)N 2834(keys)X 3024(are)X 3166(tagged)X 3435(with)X 3624(a)X 3690(type)X 3872(and)X 2399 2964(length)N 2699(when)X 2961(they)X 3186(appear)X 3504(in)X 3640(messages.)X 2399 3060(Since)N 2628(it)X 2713(is)X 2804(conceivable)X 3255(to)X 3355(use)X 3510(the)X 3659(same)X 3880(key)X 2399 3156(type)N 2604(in)X 2722(multiple)X 3078(encryption)X 3517(systems)X 3857(\(e.g.)X 2399 3252(different)N 2747(variations)X 3148(on)X 8 s 3259(DES)X 10 s 3421(encryption\),)X 3891(the)X 2399 3348(key)N 2574(type)X 2778(may)X 2980(not)X 3144(map)X 3349(one-to-one)X 3776(to)X 3891(the)X 2399 3444(encryption)N 2816(type.)X 3 f 2399 3636(Network)N 2783(addresses)X 1 f 2399 3760(When)N 2651(network)X 2993(addresses)X 3391(appear)X 3682(in)X 3791(proto-)X 2399 3856(col)N 2556(messages,)X 2983(they)X 3202(are)X 3378(similarly)X 3764(tagged)X 2399 3952(with)N 2589(a)X 2656(type)X 2839(and)X 3001(length)X 3260(\256eld)X 3442(so)X 3541(the)X 3683(recipient)X 2399 4048(can)N 2555(interpret)X 2915(them)X 3132(properly.)X 3514(If)X 3599(a)X 3669(host)X 3852(sup-)X 2399 4144(ports)N 2643(multiple)X 3009(network)X 3368(protocols)X 3752(or)X 3881(has)X 2399 4240(multiple)N 2767(addresses)X 3185(of)X 3307(a)X 3406(single)X 3680(type,)X 3917(all)X 2399 4336(types)N 2626(and)X 
2795(all)X 2919(addresses)X 3312(can)X 3471(be)X 3585(provided)X 3937(in)X 2399 4432(a)N 2465(ticket.)X 3 f 2399 4624(Message)N 2769(encoding)X 1 f 2399 4748(Network)N 2808(messages)X 3244(in)X 3405(version)X 3761(5)X 3891(are)X 2399 4844(described)N 2780(using)X 3014(the)X 3165(Abstract)X 3513(Syntax)X 3804(Nota-)X 2399 4940(tion)N 2606(One)X 2819(\()X 8 s 2846(ASN.1)X 10 s 3038(\))X 3127(syntax)X 3436([ISO8824])X 3872(and)X 2399 5036(encoded)N 2747(according)X 3153(to)X 3275(the)X 3446(basic)X 3683(encoding)X 2399 5132(rules)N 2624([ISO8825].)X 3079(This)X 3280(avoids)X 3552(the)X 3709(problem)X 2399 5228(of)N 2516(independently)X 3094(specifying)X 3514(the)X 3683(encoding)X 2399 5324(for)N 2548(multi-byte)X 2980(quantities)X 3401(as)X 3528(was)X 3717(done)X 3937(in)X 2399 5420(version)N 2710(4.)X 2839(It)X 2943(makes)X 3224(the)X 3384(protocol)X 3718(descrip-)X 2399 5516(tion)N 2569(look)X 2747(quite)X 2960(different)X 3305(from)X 3503(version)X 3797(4,)X 3887(but)X 2399 5612(it)N 2483(is)X 2573(primarily)X 2952(the)X 3100(presentation)X 3595(of)X 3689(the)X 3836(mes-)X 2399 5708(sage)N 2591(\256elds)X 2815(that)X 2997(changes;)X 3344(the)X 3491(essence)X 3797(of)X 3891(the)X 2399 5804(Kerberos)N 2756(version)X 3048(4)X 3114(protocol)X 3430(remains.)X 7 p %%Page: 7 7 10 s 0 xH 0 xS 1 f 0 32(--)N 4323(--)X 2212 416(-)N 2261(7)X 2327(-)X 2155 760(EDU)N 1959 816 MXY 0 -144 Dl 10 f (h)S 1975(hhhhhhhhhhhhhh)X 0 144 Dl 1959(h)X 1975(hhhhhhhhhhhhhh)X 1 f 1979 1144(Berkeley.EDU)N 1959 1200 MXY 0 -144 Dl 10 f (h)S 1975(hhhhhhhhhhhhhh)X 0 144 Dl 1959(h)X 1975(hhhhhhhhhhhhhh)X 1 f 1247 1144(MIT.EDU)N 1143 1200 MXY 0 -144 Dl 10 f (h)S 1159(hhhhhhhhhhhhhh)X 0 144 Dl 1143(h)X 1159(hhhhhhhhhhhhhh)X 1 f 2811 1144(UMICH.EDU)N 2775 1200 MXY 0 -144 Dl 10 f (h)S 2791(hhhhhhhhhhhhhh)X 0 144 Dl 2775(h)X 2791(hhhhhhhhhhhhhh)X 1 f 2732 1528(IFS.UMICH.EDU)N 2703 1584 MXY 0 -144 Dl 10 f (hhhhhhhhhhhhhhhhhh)S 0 144 Dl 2703(hhhhhhhhhhhhhhhhhh)X 1920 847 MXY 39 -31 Dl 1910 825 MXY 49 -9 Dl 
-528 240 Dl 1470 1025 MXY -39 31 Dl 1480 1047 MXY -49 9 Dl 2259 864 MXY -12 -48 Dl 2235 864 MXY 12 -48 Dl 0 240 Dl 2235 1008 MXY 12 48 Dl 2259 1008 MXY -12 48 Dl 2584 825 MXY -49 -9 Dl 2574 847 MXY -39 -31 Dl 528 240 Dl 3014 1047 MXY 49 9 Dl 3024 1025 MXY 39 31 Dl 3075 1248 MXY -12 -48 Dl 3051 1248 MXY 12 -48 Dl 0 240 Dl 3051 1392 MXY 12 48 Dl 3075 1392 MXY -12 48 Dl 1 f 1457 1372(shortcut)N 1788(link)X 1507 1194 MXY -76 6 Dl 1495 1240 MXY -64 -40 Dl 23 6 Dl 1477 1211 MXY 24 6 Dl 1523 1223 MXY 24 5 Dl 1570 1234 MXY 23 6 Dl 1616 1245 MXY 23 6 Dl 1662 1257 MXY 24 5 Dl 1708 1268 MXY 24 6 Dl 1755 1279 MXY 23 6 Dl 1801 1291 MXY 23 5 Dl 1847 1302 MXY 24 6 Dl 1893 1313 MXY 24 6 Dl 1940 1325 MXY 23 5 Dl 1986 1336 MXY 23 6 Dl 2032 1347 MXY 24 6 Dl 2078 1359 MXY 24 6 Dl 2125 1370 MXY 23 6 Dl 2171 1382 MXY 23 5 Dl 2217 1393 MXY 24 6 Dl 2263 1404 MXY 24 6 Dl 2310 1416 MXY 23 5 Dl 2356 1427 MXY 23 6 Dl 2402 1438 MXY 24 6 Dl 2448 1450 MXY 24 5 Dl 2495 1461 MXY 23 6 Dl 2541 1472 MXY 23 6 Dl 2587 1484 MXY 24 5 Dl 2633 1495 MXY 24 6 Dl 2680 1506 MXY 23 6 Dl 2627 1518 MXY 76 -6 Dl 2639 1472 MXY 64 40 Dl 3 f 1512 1737(Figure)N 1814(5:)X 2 f 1904(A)X 1982(version)X 2270(5)X 2336(hierarchy)X 2713(of)X 2802(realms)X 3 f 555 1929(Ticket)N 842(changes)X 1 f 555 2053(The)N 762(Kerberos)X 1162(version)X 1497(5)X 1605(ticket)X 1880(has)X 2074(an)X 555 2149(expanded)N 989(format)X 1318(to)X 1469(accommodate)X 2047(the)X 555 2245(required)N 898(changes)X 1222(from)X 1422(the)X 1568(version)X 1864(4)X 1934(ticket.)X 555 2341(It)N 643(is)X 730(split)X 918(into)X 1087(two)X 1244(parts,)X 1484(one)X 1637(encrypted)X 2028(and)X 555 2437(the)N 711(other)X 943(in)X 1053(plaintext.)X 1466(The)X 1643(server's)X 1963(name)X 555 2533(in)N 667(the)X 824(ticket)X 1072(is)X 1171(in)X 1282(plaintext,)X 1675(since)X 1899(it)X 1992(need)X 555 2629(not)N 703(be)X 815(encrypted)X 1210(to)X 1309(provide)X 1613(secure)X 1878(authen-)X 555 2725(tication.)N 919(The)X 1122(server's)X 1468(name)X 1733(is)X 
retained since it may be needed to select a key with which to decrypt the ticket if a server has multiple identities (such as an inter-realm TGS). Everything else remains encrypted. The ticket lifetime is encoded as a starting time and an expiration time (rather than a specific lifetime field), affording nearly limitless ticket lifetimes. The new ticket also contains a new flags field and other new fields used to enable the new features described below (such as authentication forwarding).

Naming principals

Principal identifiers are multi-component names in Kerberos version 5. The identifier is encoded in two parts, the realm and the remainder of the name. The realm is separate to facilitate easy implementation of realm-traversal routines and realm-sensitive access checks. The remainder of the name is a sequence of however many components are needed to name the principal. The realm and each component of the remainder are each encoded as an ASN.1 GeneralString, so there are few practical restrictions on the characters available for principal names.

Inter-realm support

In version 5, different Kerberos realms cooperate by establishing a hierarchy of realms (based on the name of the realm; see Figure 5). Any realm can interoperate with any other realm in the hierarchy as long as they can interoperate with the realms between them in the hierarchy. Each realm exchanges a different inter-realm key with its parent node and each child node, and uses that key and a common encryption system to obtain tickets for each successive realm along the path. This arrangement reduces the number of key exchanges to O(log(n)).

When an application needs to contact a server in a foreign realm, it "walks" up and down the tree toward the destination realm, contacting each realm's KDC in turn, asking for a ticket-granting ticket to the foreign realm. In most cases, the KDC will issue a ticket for the next node in the proper direction on the tree. If a realm has established a "shortcut" spanning link with some realm further in the path, it issues a ticket-granting ticket for that realm instead. This way every realm can interoperate, and heavily-traveled paths can be optimised with a direct link.

When a ticket for the end service is finally issued, it will contain an enumeration of all the realms consulted in the process of requesting the ticket. An application server which applies strict authorization rules is permitted to reject authentication which passes through certain untrusted realms.
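The tree walk, shortcut link and transited-realm check just described, as an added example in C that is not from the paper or from the MIT code. The realm names, the shortcut table, the untrusted list and the use of an empty string as an assumed root above the top-level realms (so that realms under different top levels can still be joined) are this example's own constructions.

```c
/* Added example (not from the paper or the MIT code): the inter-realm tree
 * walk, a shortcut link, and the transited-realm check a strict application
 * server may apply. All realm names and links are constructed sample data. */
#include <stdio.h>
#include <string.h>
#define MAX_PATH 16
#define MAX_NAME 64
/* Shortcut inter-realm keys between realms that are not parent and child,
 * and realms the example application server refuses to accept as transited. */
struct shortcut { const char *a, *b; };
static const struct shortcut shortcuts[] = { { "LCS.MIT.EDU", "CS.BERKELEY.EDU" } };
static const char *const untrusted[] = { "EDU" };
/* Parent in the name-based hierarchy: drop the first label. A top-level
 * realm's parent is "", an assumed root node that joins the top levels. */
static const char *parent_realm(const char *realm)
{
    const char *dot = strchr(realm, '.');
    return dot ? dot + 1 : "";
}
/* Nonzero if anc is realm itself or one of its ancestors. */
static int is_ancestor(const char *anc, const char *realm)
{
    while (strcmp(anc, realm) != 0) {
        if (*realm == '\0') return 0;
        realm = parent_realm(realm);
    }
    return 1;
}
static int has_shortcut(const char *a, const char *b)
{
    size_t i;
    for (i = 0; i < sizeof shortcuts / sizeof shortcuts[0]; i++)
        if ((!strcmp(shortcuts[i].a, a) && !strcmp(shortcuts[i].b, b)) ||
            (!strcmp(shortcuts[i].a, b) && !strcmp(shortcuts[i].b, a)))
            return 1;
    return 0;
}
static int push(char path[][MAX_NAME], int *n, int max, const char *realm)
{
    if (*n >= max) return -1;
    snprintf(path[(*n)++], MAX_NAME, "%s", realm);
    return 0;
}
/* Realms consulted walking from src to dst: up the tree to the nearest
 * common ancestor, then down to dst. Returns the count, or -1 on overflow. */
int realm_path(const char *src, const char *dst, char path[][MAX_NAME], int max)
{
    const char *down[MAX_PATH], *anc, *r;
    int n = 0, nd = 0, i;
    for (anc = src; !is_ancestor(anc, dst); anc = parent_realm(anc))
        if (push(path, &n, max, anc)) return -1;
    for (r = dst; strcmp(r, anc) != 0; r = parent_realm(r)) {
        if (nd >= MAX_PATH) return -1;
        down[nd++] = r;
    }
    if (*anc != '\0' && push(path, &n, max, anc)) return -1;  /* "" = assumed root */
    for (i = nd - 1; i >= 0; i--)
        if (push(path, &n, max, down[i])) return -1;
    return n;
}
/* A KDC holding a shortcut key with a realm further along the path issues
 * a TGT for that realm instead of the next node, so the realms in between
 * drop out of the path (and out of the transited enumeration). */
int apply_shortcuts(char path[][MAX_NAME], int n)
{
    int i, j;
    for (i = 0; i < n - 1; i++) {
        for (j = n - 1; j > i + 1; j--)
            if (has_shortcut(path[i], path[j])) break;
        if (j > i + 1) {
            memmove(path[i + 1], path[j], (size_t)(n - j) * MAX_NAME);
            n -= j - i - 1;
        }
    }
    return n;
}
/* The realms consulted, excluding the client's and the server's own, are
 * what a strict server inspects. Returns 1 if none of them is untrusted. */
int transited_ok(char path[][MAX_NAME], int n)
{
    int i; size_t u;
    for (i = 1; i < n - 1; i++)
        for (u = 0; u < sizeof untrusted / sizeof untrusted[0]; u++)
            if (strcmp(path[i], untrusted[u]) == 0) return 0;
    return 1;
}
/* Runs one walk, joins it as "A>B>C", and returns bit 0 set if that equals
 * expected and bit 1 set if the transited realms pass the strict check. */
int walk(const char *src, const char *dst, int use_shortcuts, const char *expected)
{
    char path[MAX_PATH][MAX_NAME], joined[MAX_PATH * MAX_NAME] = "";
    int n = realm_path(src, dst, path, MAX_PATH), i;
    if (n < 0) return -1;
    if (use_shortcuts) n = apply_shortcuts(path, n);
    for (i = 0; i < n; i++) {
        if (i) strcat(joined, ">");
        strcat(joined, path[i]);
    }
    return (strcmp(joined, expected) == 0) | (transited_ok(path, n) << 1);
}
```

Note that the shortcut not only shortens the walk but also removes EDU from the transited list, which is why the strict server accepts the second walk and refuses the first.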
3.2. New protocol features in version 5

Ticketing options

In addition to the ticket changes discussed above, there are a set of timestamps and flags which allow more flexible use of tickets than was available in version 4.

Each ticket issued by the KDC is flagged as having been issued based on an initial ticket exchange or an additional ticket exchange. Some application servers (such as password changing programs) may require that a client present a ticket obtained by direct use of the client's secret key K_c, so that intruders who might try to abuse that service cannot simply steal cached credentials from an unattended user session.

Tickets may be issued as renewable tickets with two expiration times, one for a time in the near future, and one for a farther point. The ticket expires like normal at the earlier time, but if it is presented to the KDC in a renewal request before this earlier expiration time, a replacement ticket is returned which is valid for an additional period of time. The KDC will not renew a ticket beyond the second expiration indicated in the ticket. This mechanism has the advantage that although the credentials can be used for long periods of time, the KDC may refuse to renew tickets which are reported as stolen and thereby thwart their continued use.

A similar mechanism is available to assist in authentication during batch processing. A ticket issued as postdated and invalid will not be valid until its post-dated starting time passes and it is replaced with a validated ticket. The client validates the ticket by presenting it to the KDC as described above for renewable tickets.

Authentication forwarding can be implemented by contacting the KDC with the additional ticket exchange and requesting a ticket valid for a different set of addresses than the TGT used in the request. The KDC will not issue such tickets unless the presented TGT has a flag set indicating that this is a permissible use of the ticket. When the entity on the remote host is granted only limited rights to use the authentication, the forwarded credentials are referred to as a proxy (after the proxy used in legal and financial affairs). Proxies are handled similarly to forwarded tickets, except that new proxy tickets will not be issued for a ticket-granting service; they will only be issued for application server tickets.

In certain situations, an application server (such as an X Window System server) will not have reliable, protected access to an encryption key necessary for normal participation as a server in the authentication exchanges. In such cases, if the server has access to a user's ticket-granting ticket and associated session key (which in the case of single-user workstations may well be the case), it can send the server's ticket-granting ticket to the client, who then presents it and the user's own ticket-granting ticket to the KDC. The KDC then issues a ticket encrypted in the session key from the server's ticket-granting ticket; the application server has the proper key to decrypt and process this ticket. [Dav90] provides details on the fine points of this exchange.
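The ticketing options above (the initial flag, renewable and postdated tickets, forwarding and proxies) expressed as the checks a KDC and an application server would apply, written as an added example in C rather than taken from the paper or the MIT code. The flag values, the ticket structure, the stolen-credentials list and the sample times are constructed for it.

```c
/* Added example (not from the paper or the MIT code): the checks behind the
 * ticketing options above, as a KDC applies them on renewal, validation and
 * forwarding and as an application server applies them on presentation.
 * Flag values, the ticket layout and all sample data are constructed. */
#include <string.h>
#include <time.h>

enum {
    TKT_INITIAL     = 1 << 0,  /* obtained by direct use of the client's key K_c */
    TKT_RENEWABLE   = 1 << 1,  /* carries a second (renew-till) expiration */
    TKT_INVALID     = 1 << 2,  /* postdated: not usable until the KDC validates it */
    TKT_FORWARDABLE = 1 << 3,  /* may be reissued for a different address set */
    TKT_PROXIABLE   = 1 << 4   /* may be reissued as a proxy */
};

struct ticket {
    const char *client;  /* principal the ticket was issued to */
    unsigned flags;
    int is_tgt;          /* ticket-granting ticket rather than a service ticket */
    time_t starttime;    /* not valid before this; in the future for postdated */
    time_t endtime;      /* first expiration */
    time_t renew_till;   /* second expiration, 0 when not renewable */
};

enum kdc_err { KDC_OK = 0, KDC_EXPIRED, KDC_NOT_RENEWABLE, KDC_RENEW_LIMIT,
               KDC_STOLEN, KDC_NOT_YET_VALID, KDC_NOT_INVALID, KDC_BADOPTION };

/* Credentials reported stolen (constructed). A real KDC would key such a
 * list more finely than by client name; the point is that refusing renewal
 * cuts off long-lived credentials once they are reported. */
static const char *stolen_reports[] = { "mallory@ATHENA.MIT.EDU" };

static int reported_stolen(const char *client)
{
    size_t i;
    for (i = 0; i < sizeof stolen_reports / sizeof stolen_reports[0]; i++)
        if (strcmp(stolen_reports[i], client) == 0) return 1;
    return 0;
}

/* Renewal: only for renewable tickets, only before the first expiration,
 * never past renew_till, and refused once the credentials are reported
 * stolen. On success *out is the replacement with its endtime capped. */
enum kdc_err kdc_renew(const struct ticket *t, time_t now, time_t lifetime,
                       struct ticket *out)
{
    if (!(t->flags & TKT_RENEWABLE)) return KDC_NOT_RENEWABLE;
    if (t->flags & TKT_INVALID) return KDC_NOT_YET_VALID;  /* validate first */
    if (now >= t->endtime) return KDC_EXPIRED;
    if (now >= t->renew_till) return KDC_RENEW_LIMIT;
    if (reported_stolen(t->client)) return KDC_STOLEN;
    *out = *t;
    out->starttime = now;
    out->endtime = now + lifetime < t->renew_till ? now + lifetime : t->renew_till;
    return KDC_OK;
}

/* Validation of a postdated ticket: the KDC replaces it with a valid copy
 * only once its post-dated starting time has passed. */
enum kdc_err kdc_validate(const struct ticket *t, time_t now, struct ticket *out)
{
    if (!(t->flags & TKT_INVALID)) return KDC_NOT_INVALID;
    if (now < t->starttime) return KDC_NOT_YET_VALID;
    if (now >= t->endtime) return KDC_EXPIRED;
    if (reported_stolen(t->client)) return KDC_STOLEN;
    *out = *t;
    out->flags &= ~TKT_INVALID;
    return KDC_OK;
}

/* Forwarding and proxies: a ticket for another address set is issued only
 * when the presented TGT carries the permitting flag, and a proxy is never
 * a ticket-granting ticket, only an application server ticket. */
enum kdc_err kdc_reissue_for_addresses(const struct ticket *tgt, int as_proxy,
                                       int want_tgt)
{
    if (!tgt->is_tgt) return KDC_BADOPTION;
    if (as_proxy)
        return (tgt->flags & TKT_PROXIABLE) && !want_tgt ? KDC_OK : KDC_BADOPTION;
    return (tgt->flags & TKT_FORWARDABLE) ? KDC_OK : KDC_BADOPTION;
}

/* Application server side: a password-changing service sets require_initial
 * so that cached credentials taken from an unattended session are not enough. */
int server_accepts(const struct ticket *t, time_t now, int require_initial)
{
    if (t->flags & TKT_INVALID) return 0;
    if (now < t->starttime || now >= t->endtime) return 0;
    if (require_initial && !(t->flags & TKT_INITIAL)) return 0;
    return 1;
}

/* Walks one renewable ticket through its life with constructed times and
 * returns the endtime reached, or 0 if the chain did not behave as the
 * comments say it should. */
long renewal_chain_endtime(void)
{
    struct ticket t = { "alice@ATHENA.MIT.EDU", TKT_RENEWABLE, 1, 1000, 2000, 5000 }, r;
    if (kdc_renew(&t, 1500, 2000, &r) != KDC_OK || r.endtime != 3500) return 0;
    if (kdc_renew(&r, 3400, 2000, &r) != KDC_OK) return 0;      /* capped at renew_till */
    if (kdc_renew(&r, 5000, 2000, &r) != KDC_EXPIRED) return 0; /* nothing past it */
    return (long)r.endtime;
}
```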
Authorization data

Some network operating system applications need to provide tamper-proof arbitrary data to an application server (for example, such information might include group membership information). It is convenient to collect or generate such information at a KDC and insert it into a ticket as authorization data, where it is encrypted and protected from any client or intruder tampering. In the protocol's most general form, a client may request that the KDC include or add to such data in a new ticket. The KDC does not remove any authorization data from a ticket; the TGS always copies it from the TGT into the new ticket, and then adds any requested additional authorization data. Upon decryption of a ticket, the authorization data is available to the application server. While Kerberos makes no interpretation of these data, the application server is expected to use the authorization data to appropriately restrict the client's access to its resources.

This field can be used in a proxy ticket to create a capability. The client requesting the proxy ticket from the KDC specifies any authorization restrictions in the authorization data, then securely transmits the proxy ticket and session key to another entity, which can then use the ticket to obtain limited service from an application server. [Neu91] discusses in more detail some uses of this field.

Pre-authentication data

In an effort to help alleviate the ever-present problem of stolen passwords, the Kerberos version 5 protocol has fields available in the initial- and additional-ticket exchange messages to enable alternative identification methods, such as hand-held authenticators (devices which have internal circuitry to help a user identify herself to the system). In the initial ticket exchange, these fields might be used to alter the client's key K_c in which the reply is encrypted; they may also be used to implement a challenge/response protocol which must be completed before the issuance of a ticket. Both alternatives can help alleviate the password attack problems discussed above, if they make the derivation of the key from a typed password hard or impossible to compute without the additional information utilised in the exchange, or if they eliminate the use of passwords to derive or protect encryption keys.

This pre-authentication data field is used by the client in the additional ticket exchange to pass the ticket-granting ticket to the KDC; since it is a variable-length array, other values may also be sent in the additional-ticket exchange.

Subsession key negotiation

Tickets may be cached by clients for later use before their expiration dates. In order to avoid problems caused by re-using a ticket's session key (which is held for the duration of the user's login session) for several application sessions, a server and client can cooperate to choose a new sub-session key to protect just that application session. This subsession key is discarded after the application session concludes.

A clever use of this negotiation allows an application to use a broadcast medium while protecting its messages to several recipients. The application can negotiate individually with each recipient to use the same subsession key before beginning its broadcasts.

Sequence numbers

Kerberos provides two messages for applications to protect their communications. The KRB_SAFE message uses a cryptographic checksum to insure data integrity. The KRB_PRIV message uses encryption to insure integrity and privacy. In version 4 these messages included as control information a timestamp and the sender's network address. With version 5, an application may elect to use a timestamp (as before) or a sequence number. If the timestamp is used, the receiver must record the known timestamps to avoid replay attacks; if a sequence number is used the receiver must verify that the messages arrive in the proper order without gaps. There are situations where one choice makes applications simpler (or even possible) to implement; see the discussions in [Koh90].
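The two receiver-side checks just described for KRB_SAFE and KRB_PRIV, a timestamp with a replay cache versus a sequence number, run over a constructed message stream. This is an added example in C, not code from the paper or the MIT implementation; the skew window, the sub-second field, the agreed starting sequence number and the sample traffic are its own assumptions.

```c
/* Added example (not from the paper or the MIT code): the receiver-side checks
 * behind the two version 5 options for KRB_SAFE and KRB_PRIV control data,
 * a timestamp with a replay cache versus a sequence number. The skew window,
 * the sub-second field, the starting number and the traffic are assumed. */
#include <stdio.h>
#include <string.h>
#include <time.h>

#define CLOCK_SKEW 300    /* assumed tolerance for clock drift, in seconds */
#define CACHE_SLOTS 64

enum verdict { ACCEPT = 0, REJECT_SKEW, REJECT_REPLAY, REJECT_GAP, REJECT_CACHE_FULL };

/* Timestamp option. The receiver records every (sender, timestamp) it
 * accepted within the skew window: a repeat is a replay, and a stamp outside
 * the window is refused outright, since once the cache has forgotten it a
 * replay could no longer be told from a fresh message. */
struct seen { char sender[64]; time_t stamp; unsigned usec; };
struct replay_cache { struct seen slots[CACHE_SLOTS]; int n; };

enum verdict check_timestamp(struct replay_cache *c, const char *sender,
                             time_t stamp, unsigned usec, time_t now)
{
    int i, kept = 0;
    if (stamp > now + CLOCK_SKEW || stamp < now - CLOCK_SKEW) return REJECT_SKEW;
    /* Age out entries that have left the window, compacting in place. */
    for (i = 0; i < c->n; i++)
        if (c->slots[i].stamp >= now - CLOCK_SKEW) c->slots[kept++] = c->slots[i];
    c->n = kept;
    for (i = 0; i < c->n; i++)
        if (c->slots[i].stamp == stamp && c->slots[i].usec == usec &&
            strcmp(c->slots[i].sender, sender) == 0)
            return REJECT_REPLAY;
    if (c->n == CACHE_SLOTS) return REJECT_CACHE_FULL;  /* fail closed, never open */
    snprintf(c->slots[c->n].sender, sizeof c->slots[c->n].sender, "%s", sender);
    c->slots[c->n].stamp = stamp;
    c->slots[c->n].usec = usec;
    c->n++;
    return ACCEPT;
}

/* Sequence-number option. Numbers run per direction within one application
 * session, starting from a value assumed here to be agreed at session setup.
 * Each message must carry exactly the previous number plus one: a lower
 * number is a replay or duplicate, a higher one a lost or reordered message. */
struct seq_state { unsigned long expected; };

void seq_start(struct seq_state *s, unsigned long initial) { s->expected = initial; }

enum verdict check_sequence(struct seq_state *s, unsigned long seq)
{
    if (seq < s->expected) return REJECT_REPLAY;
    if (seq > s->expected) return REJECT_GAP;
    s->expected = seq + 1;
    return ACCEPT;
}

/* Constructed sample traffic: one message is re-injected by an attacker,
 * one never arrives, and one carries a wildly wrong clock. */
struct sample { const char *sender; time_t stamp; unsigned usec; unsigned long seq; };
static const struct sample stream[] = {
    { "client@ATHENA.MIT.EDU", 1000, 0, 40 },
    { "client@ATHENA.MIT.EDU", 1002, 0, 41 },
    { "client@ATHENA.MIT.EDU", 1000, 0, 40 },  /* replayed copy of the first */
    { "client@ATHENA.MIT.EDU", 1005, 0, 43 },  /* number 42 was lost */
    { "client@ATHENA.MIT.EDU",  500, 0, 44 },  /* stamp outside the window */
};
#define NSTREAM (sizeof stream / sizeof stream[0])

/* Feed the stream to the timestamp receiver, whose clock is set one second
 * past each stamp and never runs backwards. Returns a bitmask with bit i
 * set when message i was accepted. */
unsigned run_timestamp_stream(void)
{
    struct replay_cache c = { {{ "", 0, 0 }}, 0 };
    unsigned accepted = 0, i;
    time_t now = 1000;
    for (i = 0; i < NSTREAM; i++) {
        if (stream[i].stamp + 1 > now) now = stream[i].stamp + 1;
        if (check_timestamp(&c, stream[i].sender, stream[i].stamp,
                            stream[i].usec, now) == ACCEPT)
            accepted |= 1u << i;
    }
    return accepted;
}

/* Same stream through the sequence-number receiver: the replay and the gap
 * are both caught, whereas the timestamp receiver cannot see the gap. */
unsigned run_sequence_stream(void)
{
    struct seq_state s;
    unsigned accepted = 0, i;
    seq_start(&s, 40);
    for (i = 0; i < NSTREAM; i++)
        if (check_sequence(&s, stream[i].seq) == ACCEPT) accepted |= 1u << i;
    return accepted;
}
```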
4. Implementation features

4.1. The base implementation

The MIT implementation of the version 5 protocols is composed of several run-time libraries with which a program may link. The core library functions will probably be used by all applications; other libraries or subsystems may be replaced or omitted as needed by an application programmer. All code is currently written in "C."

The base functions: The core Kerberos library contains the routines which assemble, disassemble and interpret the network messages. This includes ASN.1 encoding and decoding functions which convert from a machine's native format to the network encoding (currently based on the ISODE library, but used in a way to allow easy replacement of the ASN.1 routines), routines which verify that requests are answered as expected, and routines to determine which messages are necessary. This core set of routines calls out to the remaining portions of the library as required. A programmer may replace those portions at certain specified interfaces.

Encryption routines: Since multiple encryption types may be in use simultaneously, the core functions call encryption routines through a function table which has entries provided by each encryption system implementation. Table 1 shows the fields in a cryptosystem table entry. The core library provides a default cryptosystem table, initialised to list the known encryption types. A programmer may load his own cryptosystem table to replace the default table and avoid linking with the default encryption libraries.

In an attempt to alleviate some possible export restrictions, MIT's implementation distributes its encryption systems separately from the remainder of the system. Only DES is currently available from MIT.

Checksum routines: In a similar fashion to the encryption routines, the core routines call any needed checksum functions through a function table, and compute any necessary sizes based on the information in the table. Certain applications of checksum technology require that the checksum have certain properties. The table entry indicates whether the checksum is keyed (its algorithm is perturbed by an encryption key which cannot be discovered with knowledge only of the algorithm and the checksummed text) and whether the checksum is collision proof (it is computationally infeasible to discover a different checksum text which has the same checksum). Table 2 shows the fields in a checksum table entry. The core library provides a replaceable default checksum table.

Three checksums are currently available from MIT: the CRC-32, which is neither keyed nor collision proof (but it is useful for integrity checks within encryption systems); the DES message authentication code (MAC), which is both keyed and collision proof, and MD4 [Riv90], which is collision proof but not keyed.

Credentials cache and key table routines: When clients store tickets and credentials in a cache, the core routines call out through a credentials cache table entry to a separate library module which implements the storing and searching routines for credentials caches (see Table 3). An environment variable can be used to specify the default type and location of a credentials cache, so a user can switch between different types and locations of caches as needed (perhaps if she is working in two roles and wants to keep the credentials for each role separate). MIT's implementation provides two credentials cache implementations, one built on C "standard I/O" routines and the other built on UNIX file-descriptor semantics. Other implementations could provide shared-memory or kernel-resident caches.

Servers likewise store their secret keys K_s in key tables accessed by the core routines through a key table function table entry (see Table 4). MIT's implementation provides a key table library built on C "standard I/O" routines.

KDC database support: All accesses to the KDC's principal database by the KDC and administrative programs are mediated by a database library which can be replaced if needed. MIT's implementation uses the UNIX dbm database system. Since dbm does not do any record or database locking, it is augmented with separate locking code to mediate between writers and readers. Administrative requests (e.g. adding entries, changing keys or passwords) can be handled on-line.

Operating system support: Although it is targeted for UNIX systems, the MIT implementation is careful to access operating system features only in a few well-contained modules. An operating system support library performs all the accesses required by the rest of the code, such as transmitting

Field name            Field use
encrypt_func()        Entry point to encrypt an input.
decrypt_func()        Entry point to decrypt an input.
process_key()         Entry point to perform any necessary key processing (must be called before either encrypt_func or decrypt_func).
finish_key()          Entry point to clean up from any key processing (called after encrypt_func or decrypt_func).
string_to_key()       Entry point to convert a string to a key.
init_random_key()     Entry point to initialise state for generating random keys.
finish_random_key()   Entry point to clean up state from random key generation.
random_key()          Entry point to generate a random key.
block_length          The minimum size of input and output for this encryption system.
pad_minimum           The minimum padding space required of any input (used to insert integrity checks).
keysize               The length (in octets) of keys used by this system.
proto_enctype         The encryption type value used in the protocol.
proto_keytype         The key type value used in the protocol.

Table 1: A cryptosystem table entry

Field name            Field use
sum_func()            Entry point for the checksum function.
checksum_length       The length (in octets) of the checksum produced by the sum_func.
is_collision_proof    Binary value indicating whether this checksum is collision proof.
uses_key              Binary value indicating whether this checksum is keyed.

Table 2: A checksum table entry

Field name            Field use
prefix                The string prefix used to name this variety of credentials cache.
get_name()            Entry point to return the name of a key table.
resolve()             Entry point to reserve a cache name, prepare to access it, and return an access handle.
gen_new()             Entry point to generate a unique credentials cache, prepare to access it, and return an access handle.
init()                Entry point to create or erase a cache.
destroy()             Entry point to destroy a cache and invalidate the access handle.
close()               Entry point to close a cache and invalidate the access handle.
store()               Entry point to store an entry in the cache.
retrieve()            Entry point to retrieve an entry from the cache.
5120(get_princ\(\))N 1 f 1503(Entry)X 1758(point)X 1987(to)X 2096(retrieve)X 2425(the)X 2582(primary)X 2920(principal)X 3289(named)X 3576(in)X 3687(the)X 1503 5216(cache.)N 7 f 759 5312(get_first\(\))N 1 f 1503(Entry)X 1751(point)X 1973(to)X 2074(prepare)X 2392(to)X 2493(sequentially)X 2975(read)X 3171(all)X 3295(entries)X 3583(in)X 3687(the)X 1503 5408(cache.)N 7 f 759 5504(get_next\(\))N 1 f 1503(Entry)X 1742(point)X 1955(to)X 2048(read)X 2236(the)X 2378(next)X 2563(entry)X 2784(in)X 2880(the)X 3022(cache.)X 7 f 759 5600(end_get\(\))N 1 f 1503(Entry)X 1742(point)X 1955(to)X 2048(stop)X 2224(reading)X 2529(every)X 2753(entry)X 2974(in)X 3070(the)X 3212(cache.)X 7 f 759 5696(remove_cred\(\))N 1 f 1503(Entry)X 1742(point)X 1955(to)X 2048(remove)X 2340(an)X 2455(entry)X 2676(or)X 2774(entries)X 3054(from)X 3250(the)X 3392(cache.)X 7 f 759 5856(set_flags\(\))N 1 f 1503(Entry)X 1742(point)X 1955(to)X 2048(set)X 2178(various)X 2474(\257ags)X 2669(for)X 2794(the)X 2936(cache)X 3163(routines.)X 10 f 719 5872(i)N 727(iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii)X 719(c)X 5824(c)Y 5744(c)Y 5664(c)Y 5584(c)Y 5504(c)Y 5424(c)Y 5344(c)Y 5264(c)Y 5184(c)Y 5104(c)Y 5024(c)Y 4944(c)Y 4864(c)Y 4784(c)Y 4704(c)Y 4624(c)Y 4544(c)Y 4464(c)Y 4384(c)Y 4304(c)Y 4224(c)Y 4144(c)Y 4064(c)Y 3984(c)Y 3904(c)Y 3824(c)Y 3744(c)Y 1443 5872(c)N 5824(c)Y 5744(c)Y 5664(c)Y 5584(c)Y 5504(c)Y 5424(c)Y 5344(c)Y 5264(c)Y 5184(c)Y 5104(c)Y 5024(c)Y 4944(c)Y 4864(c)Y 4784(c)Y 4704(c)Y 4624(c)Y 4544(c)Y 4464(c)Y 4384(c)Y 4304(c)Y 4224(c)Y 4144(c)Y 4064(c)Y 3984(c)Y 3904(c)Y 3824(c)Y 3744(c)Y 3847 5872(c)N 5824(c)Y 5744(c)Y 5664(c)Y 5584(c)Y 5504(c)Y 5424(c)Y 5344(c)Y 5264(c)Y 5184(c)Y 5104(c)Y 5024(c)Y 4944(c)Y 4864(c)Y 4784(c)Y 4704(c)Y 4624(c)Y 4544(c)Y 4464(c)Y 4384(c)Y 4304(c)Y 4224(c)Y 4144(c)Y 4064(c)Y 3984(c)Y 3904(c)Y 3824(c)Y 3744(c)Y 3 f 1549 6016(Table)N 1804(3:)X 2 f 1894(A)X 1972 0.3375(credentials)AX 2400(cache)X 2625(table)X 2828(entry)X 12 p %%Page: 12 
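The checksum table of Table 2 is the part of this design a practitioner most wants to see exercised, because its two flag fields decide whether a checksum can protect a message at all. The following is an added example written for this page, not code from the MIT implementation: it builds a small table whose rows carry the four fields of Table 2 and drives checksum generation, verification and type selection from those fields. The two algorithms (CRC-32 and HMAC-SHA-256), the type numbers and the function names are stand-ins chosen so the example runs offline; they are not the checksum types of the 1991 code.

```python
"""Table-driven checksum types in the shape of Table 2.

Added example for this page, not code from the MIT implementation.  CRC-32
and HMAC-SHA-256 are modern stand-ins so that the example runs offline; the
type numbers are hypothetical.
"""
import hashlib
import hmac
import zlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class ChecksumEntry:
    """One row of the checksum table (the four fields of Table 2)."""
    sum_func: Callable[[bytes, Optional[bytes]], bytes]
    checksum_length: int      # octets produced by sum_func
    is_collision_proof: bool  # hard to find two inputs with one checksum
    uses_key: bool            # checksum depends on a secret key


def _crc32_sum(data: bytes, key: Optional[bytes]) -> bytes:
    # Unkeyed and linear: anyone who changes the data can recompute it.
    return zlib.crc32(data).to_bytes(4, "big")


def _hmac_sha256_sum(data: bytes, key: Optional[bytes]) -> bytes:
    if key is None:
        raise ValueError("keyed checksum requires a key")
    return hmac.new(key, data, hashlib.sha256).digest()


CKSUMTYPE_CRC32 = 1        # hypothetical type numbers
CKSUMTYPE_HMAC_SHA256 = 16

CHECKSUM_TABLE: Dict[int, ChecksumEntry] = {
    CKSUMTYPE_CRC32: ChecksumEntry(_crc32_sum, 4, False, False),
    CKSUMTYPE_HMAC_SHA256: ChecksumEntry(_hmac_sha256_sum, 32, True, True),
}


def make_checksum(cktype: int, data: bytes, key: Optional[bytes] = None) -> bytes:
    """Dispatch through the table; the key is passed only to keyed types."""
    entry = CHECKSUM_TABLE[cktype]
    out = entry.sum_func(data, key if entry.uses_key else None)
    if len(out) != entry.checksum_length:
        raise RuntimeError("table entry disagrees with its sum_func")
    return out


def verify_checksum(cktype: int, data: bytes, cksum: bytes,
                    key: Optional[bytes] = None) -> bool:
    """Recompute and compare in constant time."""
    entry = CHECKSUM_TABLE[cktype]
    if len(cksum) != entry.checksum_length:
        return False
    return hmac.compare_digest(make_checksum(cktype, data, key), cksum)


def safe_for_untrusted_channel(cktype: int) -> bool:
    """A checksum that must survive an attacker on the wire has to be both
    keyed and collision proof; the table makes that a data-driven check."""
    entry = CHECKSUM_TABLE[cktype]
    return entry.uses_key and entry.is_collision_proof


def attacker_can_forge(cktype: int, original: bytes, forged: bytes,
                       key: Optional[bytes] = None) -> bool:
    """Model an attacker who sees (original, checksum) and knows the table
    but not `key`, and wants the receiver to accept `forged` instead."""
    entry = CHECKSUM_TABLE[cktype]
    genuine = make_checksum(cktype, original, key)
    # Attempt 1: splice the genuine checksum onto altered data.
    if verify_checksum(cktype, forged, genuine, key):
        return True
    # Attempt 2: recompute the checksum; only possible without a key.
    if entry.uses_key:
        return False
    return verify_checksum(cktype, forged, make_checksum(cktype, forged), key)


if __name__ == "__main__":
    # Constructed sample message and key.
    msg, tampered, k = b"KRB_SAFE: pay 100", b"KRB_SAFE: pay 900", b"\x5a" * 32
    for t in CHECKSUM_TABLE:
        print(t, safe_for_untrusted_channel(t), attacker_can_forge(t, msg, tampered, k))
```

The point `attacker_can_forge` makes is the one the `uses_key` flag encodes: an unkeyed checksum, collision proof or not, can simply be recomputed by whoever alters the data, so only an entry with both flags set is fit for integrity protection across an untrusted network. `safe_for_untrusted_channel` is the check a caller should make before honouring a negotiated checksum type rather than trusting the peer's choice.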
Field name              Field use
---------------------------------------------------------------------------
resolve()               Entry point to resolve a key table name, prepare to
                        access it, and return an access handle.
get_name()              Entry point to return the name of a key table.
close()                 Entry point to close a key table and invalidate its
                        handle.
get()                   Entry point to search the key table and return a
                        requested entry.
start_seq_get()         Entry point to prepare to read every key in the
                        table.
get_next()              Entry point to read the next key in the table.
end_get()               Entry point to stop reading every key in the table.
---------------------------------------------------------------------------
add()                   Entry point to add an entry to the table.
remove()                Entry point to delete an entry from the table.
---------------------------------------------------------------------------

Table 4: A key table function table entry

... and receiving network messages, examining configuration files, checking the system's time-of-day, translating from account names to Kerberos names (and vice versa), and performing rudimentary account access checks.

4.2. User interaction

If all parts of Kerberos are working properly, a user will normally not be aware that Kerberos authentication is in use by her applications. The normal login process obtains and caches an initial ticket-granting ticket, and applications automatically obtain and cache service tickets as required. Only when authentication fails will the user become aware of the underlying use of Kerberos.

If the user needs to refresh tickets (say, if they expire), then she can use the kinit program, which will get a new ticket-granting ticket after reading her password from the keyboard. She may examine the cached tickets with klist and destroy the cache with kdestroy.

When principal names need to be displayed to human users, by convention² they are represented as the sequence of name components separated by slashes (/), followed by an at-sign (@), and the realm name. Thus, a principal with two name components jtkohl and role2 in the realm ATHENA.MIT.EDU would be represented as jtkohl/role2@ATHENA.MIT.EDU.

² Please note that this is only a convention, and other implementations may display the principal names differently.

Password to key conversion

Since users are not good at remembering binary encryption keys, we provide routines to convert passwords into keys. The algorithm used to convert a password into an encryption key performs a non-invertible transformation, so that an attacker cannot discover a user's password if he knows the K_c. The conversion can be seeded with an additional string which perturbs the output key, so that a user who is registered in multiple realms and uses the same password in two of those realms will have a different K_c in each realm. Without this perturbation, someone discovering the user's key in one realm could impersonate that user in the other realm (without knowing her password!). When no additional perturbation string is supplied, the resulting key is the same as the key produced by the version 4 algorithm.
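As an added example for this page (not the MIT code), the following ties the display convention of section 4.2 to the salted conversion just described: it parses and re-formats a principal name, builds the perturbation string from the realm and name components, and derives a key from a password with and without that string. Three assumptions are made. The salt layout (realm followed by the name components with no separators) is the default of the later Kerberos 5 specification; the paper only says an "additional string" is used. The one-way function is PBKDF2-HMAC-SHA-256 standing in for the DES-based string-to-key routine, so it does not reproduce the version 4 key when the salt is empty. And the parser accepts only unquoted names, with the last at-sign separating the realm.

```python
"""Principal names and salted password-to-key conversion.

Added example for this page, not the MIT code.  PBKDF2-HMAC-SHA-256 stands in
for the paper's one-way transformation: it is non-invertible and salted, but it
is not the DES-based string-to-key routine and so does not reproduce the
version 4 key when the salt is empty.
"""
import hashlib
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Principal:
    components: Tuple[str, ...]
    realm: str


def parse_principal(text: str) -> Principal:
    """Parse the section 4.2 display form 'comp1/comp2@REALM'.
    Assumption: no quoting, so the last '@' ends the name and every '/'
    separates components; empty components or realm are rejected."""
    if "@" not in text:
        raise ValueError("missing realm: expected name[/more]@REALM")
    name, realm = text.rsplit("@", 1)
    components = tuple(name.split("/"))
    if not realm or not all(components):
        raise ValueError(f"malformed principal name: {text!r}")
    return Principal(components, realm)


def is_valid_principal(text: str) -> bool:
    try:
        parse_principal(text)
        return True
    except ValueError:
        return False


def format_principal(p: Principal) -> str:
    return "/".join(p.components) + "@" + p.realm


def default_salt(p: Principal) -> str:
    """The perturbation string: realm, then the name components, with no
    separators.  Assumption: this is the default of the later Kerberos 5
    specification; the paper only says an 'additional string' is used."""
    return p.realm + "".join(p.components)


def string_to_key(password: str, salt: str, key_len: int = 8) -> bytes:
    """Non-invertible, salted conversion (stand-in KDF).  8 octets matches a
    DES-sized key; DES parity bits are not modelled.  The iteration count is
    arbitrary for the example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), 10_000, dklen=key_len)


def key_for(principal_text: str, password: str, use_salt: bool = True) -> bytes:
    """K_c for a principal.  use_salt=False leaves the perturbation string
    empty, the case the paper warns about."""
    p = parse_principal(principal_text)
    return string_to_key(password, default_salt(p) if use_salt else "")


def cross_realm_keys_differ(name: str, password: str, realm_a: str,
                            realm_b: str, use_salt: bool = True) -> bool:
    """Does the same password yield different K_c in two realms?  True with
    the salt; False without it, which is exactly the impersonation risk."""
    return (key_for(f"{name}@{realm_a}", password, use_salt)
            != key_for(f"{name}@{realm_b}", password, use_salt))


if __name__ == "__main__":
    p = parse_principal("jtkohl/role2@ATHENA.MIT.EDU")
    print(format_principal(p), default_salt(p))
    print("salted  :", cross_realm_keys_differ("jtkohl", "pw", "ATHENA.MIT.EDU", "EXAMPLE.COM"))
    print("unsalted:", cross_realm_keys_differ("jtkohl", "pw", "ATHENA.MIT.EDU", "EXAMPLE.COM", False))
```

Two caveats the paragraph leaves implicit. The transformation being non-invertible protects the password only against inversion of K_c; an attacker holding K_c, or a ticket encrypted in it, can still guess candidate passwords offline and compare, so the salt does not remove the weak-password problem that [Lom89] addresses. And the salt is not secret: its purpose is to make keys differ across realms and principals so that a key or a precomputed dictionary recovered in one realm does not transfer to another, not to add entropy to the password.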
4.3. Compatibility support for version 4

There is a small but growing base of Kerberos version 4 applications, and a number of sites running a Kerberos version 4 authentication server. Several features of MIT's implementation of version 5 can help sites and programmers convert to using the newer protocol.

Interface compatibility: MIT's implementation of version 5 includes a "glue library" which may be used to convert applications which are coded to use the version 4 application programming interface (API) to use version 5 protocol messages and routines. This library converts data structures as much as possible between the differing version 4 and version 5 data structures. In many cases (especially those that use only a common subset of the version 4 library functions), an application need only be re-linked with this library and the remainder of the version 5 code to use version 5 protocols. However, such applications will no longer be compatible with older peer processes, which would still expect the version 4 messages, and continued maintenance may be made more difficult.

A generic authentication interface: An authentication-system independent programming interface [Lin90] has been discussed by representatives from several computer system manufacturers. MIT provides a binding of this interface to the Kerberos version 5 implementation. For new applications which desire the most flexibility to have different authentication systems (even ones not yet invented) supplied by the system, this offers an attractive abstraction boundary. If an application needs more detailed access to a particular authentication system, it would probably do better to code to that system's native interface.

Protocol compatibility: For those sites which wish to convert the Kerberos server to provide the features of version 5, a compatibility mode may be enabled on the server to access the version 5 style authentication database but provide version 4 format tickets and messages. This allows an administrator to convert a version 4 installation to version 5 slowly, by supporting the old users with the compatibility code. After some grace period, the version 4 compatibility would be turned off. If a user wishes to use both version 4 and version 5 programs simultaneously, the compatibility code can utilise the pre-authentication data in the ticket responses to indicate which algorithm should be used to convert her password to an encryption key.

Interface coexistence: The MIT version 5 libraries were purposely designed to allow an application to simultaneously support both versions 4 and 5, and this is the suggested compatibility mode. The telnet [Pos83] program distributed with the MIT code can automatically choose an authentication system to use when it connects to a remote system, based on what credentials the user holds and what versions of authentication the remote telnet server will accept. It implements the current draft specifications of the authentication [Bor90a] and encryption [Bor90b] options.

Program compatibility: Another possible compatibility mode can be fabricated by maintaining separate copies of network applications which use version 4 and version 5 protocol messages. The user would use a generic name for the application, and the application would try each authentication system in turn, by executing a separate copy of the program for each system (see Figure 6). When authentication is successfully completed, the application would proceed as normal. On both the client and server sides of the application, this approach requires two copies of the same program, each linked with a different authentication system. The different versions of the server would each accept requests at different network ports, and the different clients would only send a request to the server which supports its authentication type.

This approach could be mixed with the glue library and/or single-server approaches, by creating the separate clients using the glue library and/or using a single server program which understands both protocols.

[Figure 6 (drawing): Client A --"try protocol A"--> Server A; "(execute B if A fails)" leads down to Client B --"try protocol B"--> Server B; the two servers are marked "(might be the same program)".]

Figure 6: Implementing protocol compatibility by executing separate programs

5. Status and future work

Kerberos version 5 is a large step forward toward generalising Kerberos to make it globally useful. We believe its framework will be flexible enough to accommodate future requirements. Some items we expect to be incorporated into Kerberos in the near future include:

Public-key cryptosystems: The encryption specifications in Kerberos version 5 are designed primarily for secret-key cryptosystems, but there is some ongoing work into the integration of public-key cryptosystems into Kerberos, and we hope to be able to better support them in future code releases. However, public-key cryptosystems have different characteristics than secret-key systems, and their use in Kerberos may not take advantage of those characteristics.

"Smartcards": Several companies manufacture hand-held devices which can be used to augment normal password security methods, and there is strong interest within the industry to integrate one or more of these systems with Kerberos.

Remote administration: The current protocol specifications do not specify any administrative interface to the KDC database. MIT's implementation provides a sample remote administration program which allows administrators to add and modify entries and users to change their keys. We would eventually like to standardise such a protocol. Some features we would like to add include remote extraction of server key tables, password "quality checks," and a provision for servers to change their secret keys automatically every so often.

Directional inter-realm keys: The protocols will support the use of a different inter-realm key for each direction of an inter-realm link, but our implementation only allows for the same key to be used for both directions. We would like to allow separate keys in our implementation, to reduce the exposure from a disclosed key.

Database propagations: The current implementation provides reliable KDC service by a periodic bulk-copy of the KDC database to slave KDC machines. It might be more convenient and/or efficient to build the KDC on a distributed database technology. However, the technology must provide a secure, private transmission of the database elements to each server, to insure that an attacker cannot illegitimately obtain any database entry.

Validation suites: The current implementation does not include a complete validation suite to verify that the protocol is properly implemented. Such a suite could prevent future security problems in the case of a faulty implementation, and would help facilitate interoperation of diverse implementations.

Applications: There are many more network applications that would benefit from the addition of authentication which we have not had time or resources to convert. Among the highly visible examples are electronic mail and popular bulletin-board systems (such as Usenet).

Acknowledgements

The work described here has been the result of many MIT Project Athena and MIT Network Services staff members' visions, ideas, and hard work.

The author would especially like to thank Steve Bellovin, Clifford Neuman, Jennifer Steiner, and Ralph Swick for their comments on early drafts of this paper.

REFERENCES

Bel90. S. M. Bellovin and M. Merritt, "Limitations of the Kerberos Authentication System," Computer Communications Review 20 (5), pp. 119-132 (October 1990).

Bor90a. D. Borman, Editor, "Telnet Authentication Option," Internet-Draft, Internet Engineering Task Force, Telnet Working Group (July 1990).

Bor90b. D. Borman, Editor, "Telnet Encryption Option," Internet-Draft, Internet Engineering Task Force, Telnet Working Group (April 1990).

Dav90. Don Davis and Ralph Swick, "Workstation Services and Kerberos Authentication at Project Athena," Technical Memorandum TM-424, MIT Laboratory for Computer Science (February 1990).

Jue85. R. R. Jueneman, S. M. Matyas, and C. H. Meyer, "Message Authentication," IEEE Communications 23 (9), pp. 29-40 (September 1985).

Koh89. John T. Kohl, "The Use of Encryption in Kerberos for Network Authentication," in Crypto '89 Conference Proceedings, International Association for Cryptologic Research, Santa Barbara, CA (August 1989).

Koh90. John T. Kohl and B. Clifford Neuman, "The Kerberos Network Authentication Service," RFC DRAFT 4, Project Athena, Massachusetts Institute of Technology (December 1990).

Lin90. John Linn, Generic Security Service Application Program Interface, Digital Equipment Corporation (September 1990). Version C.3.

Lom89. T. Mark A. Lomas, Li Gong, Jerome H. Saltzer, and Roger M. Needham, "Reducing Risks from Poorly Chosen Keys," Operating Systems Review 23 (5), pp. 14-18 (December 1989).

Mer90. Ralph C. Merkle, "Fast Software Encryption Functions," in Crypto '90 Conference Proceedings, International Association for Cryptologic Research, Santa Barbara, CA (August 1990).

Mil87. S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer, Section E.2.1: Kerberos Authentication and Authorization System, M.I.T. Project Athena, Cambridge, Massachusetts (December 21, 1987).

FIPS46. National Bureau of Standards, U.S. Department of Commerce, "Data Encryption Standard," Federal Information Processing Standards Publication 46, Washington, DC (1977).

FIPS81. National Bureau of Standards, U.S. Department of Commerce, "DES Modes of Operation," Federal Information Processing Standards Publication 81, Springfield, VA (December 1980).

Nee78. Roger M. Needham and Michael D. Schroeder, "Using Encryption for Authentication in Large Networks of Computers," Communications of the ACM 21 (12), pp. 993-999 (December, 1978).

Neu91. B. Clifford Neuman, "Proxy-Based Authorization and Accounting for Distributed Systems," Technical Report 91-02-01, Department of Computer Science and Engineering, University of Washington (February 1991).

Pos83. J. Postel and J. Reynolds, "TELNET Protocol Specification," RFC 854, University of Southern California, Information Sciences
768(Institute)N 1288(\(May)X 1500(1983\).)X 555 892(Riv90.)N 919(R.)X 1059(Rivest,)X 1375(``The)X 1609(MD4)X 1850(Message)X 919 988(Digest)N 1228(Algorithm,'')X 1730(RFC)X 1969(1186,)X 919 1084(MIT)N 1148(Laboratory)X 1626(for)X 1796(Computer)X 919 1180(Science)N 1217(\(October)X 1555(1990\).)X 555 1304(Riv78.)N 919(R.)X 1040(L.)X 1156(Rivest,)X 1453(A.)X 1574(Shamir,)X 1912(and)X 2092(L.)X 919 1400(Adleman,)N 1308(``A)X 1432(Method)X 1748(for)X 1885(Obtain-)X 919 1496(ing)N 1147(Digital)X 1513(Signatures)X 2028(and)X 919 1592(Public-Key)N 1345(Cryptosystems,'')X 2 f 1971(Com-)X 919 1688(munications)N 1429(of)X 1548(the)X 1713(ACM)X 3 f 1955(21)X 1 f 2047(\(2\),)X 919 1784(pp.)N 1055(120-126)X 1370(\(February)X 1766(1978\).)X 2037(See)X 919 1880(also)N 1087(U.S.)X 1268(Patent)X 1538 -0.4722(4,405,829.)AX 555 2004 -0.4911(ISO8824.)AN 941(International)X 1507(Organization)X 2064(for)X 919 2100(Standardization,)N 1691(``Information)X 919 2196(Processing)N 1356(Systems)X 1706(-)X 1773(Open)X 2010(Sys-)X 919 2292(tems)N 1328(Interconnection)X 2140(-)X 919 2388(Speci\256cation)N 1435(of)X 1546(Abstract)X 1907(Syntax)X 919 2484(Notation)N 1286(One)X 1479(\(ASN.1\),'')X 1868(IS)X 1991(8824)X 919 2580(\(December)N 1337(1987\).)X 1606(First)X 1810(Edition.)X 555 2704 -0.4911(ISO8825.)AN 941(International)X 1507(Organization)X 2064(for)X 919 2800(Standardization,)N 1691(``Information)X 919 2896(Processing)N 1356(Systems)X 1706(-)X 1773(Open)X 2010(Sys-)X 919 2992(tems)N 1328(Interconnection)X 2140(-)X 919 3088(Speci\256cation)N 1445(of)X 1567(Basic)X 1821(Encoding)X 919 3184(Rules)N 1166(for)X 1307(Abstract)X 1662(Syntax)X 1960(Nota-)X 919 3280(tion)N 1151(One)X 1389(\(ASN.1\),'')X 1823(IS)X 1991(8825)X 919 3376(\(November)N 1347(1987\).)X 1616(First)X 1820(Edition.)X 555 3500(Ste88.)N 919(J.)X 1013(G.)X 1125(Steiner,)X 1446(B.)X 1554(C.)X 1661(Neuman,)X 2028(and)X 919 3596(J.)N 1066(I.)X 1201(Schiller,)X 1590(``Kerberos:)X 2060(An)X 919 3692(Authentication)N 1517(Service)X 
1827(for)X 1970(Open)X 919 3788(Network)N 1294(Systems,'')X 1710(pp.)X 1876(191-202)X 919 3884(in)N 2 f 1062(Usenix)X 1383 0.3750(Conference)AX 1854(Proceed-)X 919 3980(ings)N 1 f 1074(,)X 1163(Dallas,)X 1489(Texas)X 1773(\(February,)X 919 4076(1988\).)N 555 4200(Tre88.)N 919(G.)X 1036(W.)X 1169(Treese,)X 1470(``Berkeley)X 1864(Unix)X 2078(on)X 919 4296(1000)N 1237(Workstations:)X 1896(Athena)X 919 4392(Changes)N 1269(to)X 1370(4.3BSD,'')X 1733(pp.)X 1876(175-182)X 919 4488(in)N 2 f 1062(Usenix)X 1383 0.3750(Conference)AX 1854(Proceed-)X 919 4584(ings)N 1 f 1074(,)X 1163(Dallas,)X 1489(Texas)X 1773(\(February,)X 919 4680(1988\).)N 555 4900(Project)N 871(Athena,)X 1220(Athena,)X 1569(Athena)X 1896(MUSE,)X 555 4996(Discuss,)N 933(Hesiod,)X 1283(Kerberos,)X 1713(Moira,)X 2028(and)X 555 5092(Zephyr)N 903(are)X 1108(trademarks)X 1626(of)X 1778(the)X 1983(Mas-)X 555 5188(sachusetts)N 998(Institute)X 1375(of)X 1493(Technology)X 1962(\()X 8 s 1989(MIT)X 10 s 2118(\).)X 555 5284(No)N 712(commercial)X 1188(use)X 1366(of)X 1485(these)X 1734(trademarks)X 555 5380(may)N 737(be)X 845(made)X 1070(without)X 1381(prior)X 1588(written)X 1885(permis-)X 555 5476(sion)N 728(of)X 8 s 813(MIT)X 10 s 942(.)X 555 5572(X)N 633(Window)X 955(System)X 1249(is)X 1333(a)X 1399(trademark)X 1817(of)X 8 s 1902(MIT)X 10 s 2031(.)X 9 s 555 5668(UNIX)N 10 s 802(is)X 912(a)X 1004(registered)X 1426(trademark)X 1870(of)X 1985(Unix)X 555 5764(Systems)N 899(Laboratories,)X 1425(Inc.)X 1598(in)X 1706(the)X 8 s 1856(USA)X 10 s 2028(and)X 2399 672(other)N 2617(countries.)X 0 6360(--)N 4323(--)X 16 p %%Trailer xt xs