Xref: utzoo sci.crypt:1461 comp.unix.wizards:13952 news.sysadmin:2033
Path: utzoo!attcan!uunet!husc6!bloom-beacon!athena.mit.edu!treese
From: treese@athena.mit.edu (Win Treese)
Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin
Subject: Re: Yet Another useful paper
Message-ID: <8687@bloom-beacon.MIT.EDU>
Date: 8 Jan 89 07:52:19 GMT
References: <11013@ulysses.homer.nj.att.com> <2308@cuuxb.ATT.COM> <12750@bellcore.bellcore.com> <1988Dec26.151208.19016@ziebmef.uucp> <13022@bellcore.bellcore.com> <276@gloom.UUCP> <920@acer.stl.stc.co.uk>
Sender: daemon@bloom-beacon.MIT.EDU
Reply-To: treese@athena.mit.edu (Win Treese)
Organization: Massachusetts Institute of Technology
Lines: 35

In article <920@acer.stl.stc.co.uk> "David Wright" writes:
>In article <276@gloom.UUCP> cory@gloom.UUCP (Cory Kempf) writes:
>#In article <13022@bellcore.bellcore.com> karn@ka9q.bellcore.com (Phil Karn) writes:
>#> The answer to that problem is a good
>#>authentication scheme that would allow you to give your password only once
>#>(when logging in to your "home" computer) which would then enable your
>#>system to authenticate you to the other systems you use regularly on the
>#>network.
>#
>#Let's see if I have this right... you are going to allow the
>#workstation that is sitting on my desk to convince another system that
>#I am me, right?
>#This workstation that will then lie for me if I ask it to? and tell
>#your system that I am you? Or just about anybody else?
>#Really?
>
>Yes, of course. Why not? Not without some help, and not with current
>standard UNIX and rsh/rlogin/etc. programs, but it is possible.

[...authentication scheme description deleted...]

See Steiner, Neuman, and Schiller, "Kerberos: An Authentication System for
Open Network Systems," USENIX, Winter 1988, Dallas, TX. Kerberos is very
similar to the scheme Mr. Wright described, and it has been running at MIT
for a few years now. More information can be obtained by writing to
info-kerberos@athena.mit.edu.

BTW, the basic scheme Kerberos uses was described in a *1978* paper by
Needham and Schroeder, which appeared in CACM.

Win Treese
Digital Equipment Corp.
Cambridge Research Lab
treese@crl.dec.com