Date: Fri, 13 Nov 1998 12:59:20 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>, oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG Subject: Re: Intruder Lockout Message-ID: <199811131759.MAA22375@khavrinen.lcs.mit.edu> In-Reply-To: <Pine.BSF.3.96.981113123242.15232B-100000@fledge.watson.org> References: <199811131452.GAA15069@cwsys.cwsent.com> <Pine.BSF.3.96.981113123242.15232B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 13 Nov 1998 12:39:18 -0500 (EST), Robert Watson <robert@cyrus.watson.org> said: > designed to be, really :). Any attempt to search passwords by repeated > login attempts would still work, although there is now a centralized Not in Kerberos v5. Krb5 supports pre-authentication for TGT requests, such that in order to get a TGT you must already prove cryptographically that you know the password. That and replay protection are the two principal advances of v5 over v4. (Oh, it also allows parametric selection of crypto algorithms.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811131759.MAA22375>