Path: utzoo!attcan!uunet!samsung!umich!terminator!terminator.cc.umich.edu!wes
From: wes@terminator.cc.umich.edu (Wesley Craig)
Newsgroups: comp.protocols.kerberos
Subject: Re: Why is initial user authentication done the way it is?
Message-ID: <1990Jun15.163711.4803@terminator.cc.umich.edu>
Date: 15 Jun 90 16:37:11 GMT
References: <9006150126.AA22710@E40-008-10.MIT.EDU> <9006150549.AA24093@PIT-MANAGER.MIT.EDU> <1990Jun15.152103.15241@PacBell.COM>
Sender: usenet@terminator.cc.umich.edu (usenet news)
Organization: U of Michigan, ITD Research Systems
Lines: 12

In article <1990Jun15.152103.15241@PacBell.COM> jmc@PacBell.COM (Jerry M. Carlin) writes:
>Kerberos is necessary but not sufficient for enhanced security. A gateway
>machine (or router) serving as a "firewall" can disallow packets coming
>in from j.random.cyberpunk@never.never.land whilst still allowing legitimate
>machines access.

Thus making it extreemly difficult to use in a wide area network (like
from usenix, for example). Moreover, if kerberos is accepted by DCE and
ISO for an extension to X.500, how are you going to "keep the bad guy
out".

wes