Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 1.7. What are the differences between Kerberos Version 4 and Version 5?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Cities ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?
See reader questions & answers on this topic! - Help others by sharing your knowledge

The paper "The Evolution of the Kerberos Authentication System" is a very
good description of the limitations of Kerberos 4 and what changes were made
in Kerberos 5. This paper is available from
<ftp://athena-dist.mit.edu/pub/kerberos/doc/>.

However, here is a quick list of the more important changes:

   * The key salt algorithm has been changed to use the entire principal
     name.
   * The network protocol has been completely redone and now uses ASN.1
     encoding everywhere.
   * There is now support for forwardable, renewable, and postdatable
     tickets.
   * Kerberos tickets can now contain multiple IP addresses and addresses
     for different types of networking protocols.
   * A generic crypto interface module is now used, so other encryption
     algorithms beside DES can be used.
   * There is now support for replay caches, so authenticators are not
     vulnerable to replay.
   * There is support for transitive cross-realm authentication.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.6. Are there any other free version of Kerberos available?
Next Document: 1.8. What are the differences between AFS Kerberos and "normal" Kerberos?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM