Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!ucsd!ucbvax!agate!shelby!allegra.att.com!@ulysses.att.com:mischu
From: @ulysses.att.com:mischu@allegra.att.com
Newsgroups: comp.protocols.kerberos
Subject: Paper: Limitations of the Kerberos Authentication System
Message-ID: <9007131358.AA06561@ATHENA.MIT.EDU>
Date: 13 Jul 90 13:49:18 GMT
Sender: daemon@shelby.Stanford.EDU
Reply-To: smb@ulysses.att.com, mischu@allegra.att.com
Organization: The Internet
Lines: 20

Michael Merritt and I have a paper on the limitations of Kerberos, which has been submitted to Computer Communications Review. A draft, in Postscript, is available for anonymous ftp from inet.att.com (192.20.225.2) in ~ftp/dist/kerblimit.ps.

--Steve Bellovin
smb@ulysses.att.com

Abstract:

The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.