Path: utzoo!attcan!uunet!ogicse!ucsd!usc!apple!mips!pacbell.com!jmc
From: jmc@PacBell.COM (Jerry M. Carlin)
Newsgroups: comp.protocols.kerberos
Subject: Re: Why is initial user authentication done the way it is?
Message-ID: <1990Jun15.152103.15241@PacBell.COM>
Date: 15 Jun 90 15:21:03 GMT
References: <9006150126.AA22710@E40-008-10.MIT.EDU> <9006150549.AA24093@PIT-MANAGER.MIT.EDU>
Sender: news@PacBell.COM
Organization: Pacific * Bell
Lines: 14

In article <9006150549.AA24093@PIT-MANAGER.MIT.EDU> jik@PIT-MANAGER.MIT.EDU ("Jonathan I. Kamens") writes:
...
>1. Under Unix, you have to have an account on a properly configured
>   machine in order to get a hole of the passwd file.  Under Kerberos,
>   anyone on the Internet can request an encrypted sample of anyone to
>   bang on it.

Kerberos is necessary but not sufficient for enhanced security. A gateway
machine (or router) serving as a "firewall" can disallow packets coming
in from j.random.cyberpunk@never.never.land whilst still allowing legitimate
machines access.
--
Jerry M. Carlin	(415) 823-2441 jmc@srv.pacbell.com
To dream the impossible dream. To fight the unbeatable foe.