[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
1.7. What are the differences between Kerberos Version 4 and Version 5?
The paper "The Evolution of the Kerberos Authentication System" is a very
good description of the limitations of Kerberos 4 and what changes were made
in Kerberos 5. This paper is available from
<ftp://athena-dist.mit.edu/pub/kerberos/doc/>.
However, here is a quick list of the more important changes:
* The key salt algorithm has been changed to use the entire principal
name.
* The network protocol has been completely redone and now uses ASN.1
encoding everywhere.
* There is now support for forwardable, renewable, and postdatable
tickets.
* Kerberos tickets can now contain multiple IP addresses and addresses
for different types of networking protocols.
* A generic crypto interface module is now used, so other encryption
algorithms beside DES can be used.
* There is now support for replay caches, so authenticators are not
vulnerable to replay.
* There is support for transitive cross-realm authentication.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update September 05 2008 @ 00:14 AM