Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!agate!stanford.edu!MIT.EDU!jon
From: jon@MIT.EDU (Jon A. Rochlis)
Newsgroups: comp.protocols.kerberos
Subject: Re: Verifying passwords without getting new tickets
Message-ID: <9105202054.AA14384@delwin.MIT.EDU>
Date: 20 May 91 20:54:45 GMT
Article-I.D.: delwin.9105202054.AA14384
References: <9105201808.AA10941@ATHENA.MIT.EDU>
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 8


   All you need to do is eavesdrop on X logging in once.
 
That is *much* harder than simply asking for a ticket in somebody
else's name and therefore even though it's only a partial solution, it
add significant value.  Security is a world of tradeoffs.

		-- Jon