From owner-freebsd-security Fri Nov 13 10:00:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA09136 for freebsd-security-outgoing; Fri, 13 Nov 1998 10:00:06 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA09063 for ; Fri, 13 Nov 1998 09:59:58 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id MAA22375; Fri, 13 Nov 1998 12:59:20 -0500 (EST) (envelope-from wollman) Date: Fri, 13 Nov 1998 12:59:20 -0500 (EST) From: Garrett Wollman Message-Id: <199811131759.MAA22375@khavrinen.lcs.mit.edu> To: Robert Watson Cc: Cy Schubert - ITSD Open Systems Group , oortiz@LCSI.COM, freebsd-security@FreeBSD.ORG Subject: Re: Intruder Lockout In-Reply-To: References: <199811131452.GAA15069@cwsys.cwsent.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > designed to be, really :). Any attempt to search passwords by repeated > login attempts would still work, although there is now a centralized Not in Kerberos v5. Krb5 supports pre-authentication for TGT requests, such that in order to get a TGT you must already prove cryptographically that you know the password. That and replay protection are the two principal advances of v5 over v4. (Oh, it also allows parametric selection of crypto algorithms.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message