[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
1.7. What are the differences between Kerberos Version 4 and Version 5?
The paper "The Evolution of the Kerberos Authentication System" is a very good description of the limitations of Kerberos 4 and what changes were made in Kerberos 5. This paper is available from <ftp://athena-dist.mit.edu/pub/kerberos/doc/krb_evol.PS>. However, here is a quick list of the more important changes: * The key salt algorithm has been changed to use the entire principal name. * The network protocol has been completely redone and now uses ASN.1 encoding everywhere. * There is now support for forwardable, renewable, and postdatable tickets. * Kerberos tickets can now contain multiple IP addresses and addresses for different types of networking protocols. * A generic crypto interface module is now used, so other encryption algorithms beside DES can be used. * There is now support for replay caches, so authenticators are not vulnerable to replay. * There is support for transitive cross-realm authentication.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
Single Page
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update October 22 2009 @ 05:26 AM