On Wed, 17 Apr 2013, Mengjia Ding wrote: > From: Mengjia Ding <[email protected]> > To: [email protected] > Date: Wed, 17 Apr 2013 21:02:48 > Subject: Fwd: Kerb5 features > > I'm a student from University of York. Now I'm planning for > a paper about the modifications from kerb4 to kerb5. I was > searching some useful imformation on your website. Unfortunately, > I couldn't find anything about kerb4 which can help me to find > the differences or improvement between kerb4 and kerb5. So can > you support me some information about the features of kerb5, > especially for thoses modifications countering threats addressed > by each change?
See: http://web.mit.edu/kerberos/krb4-end-of-life.html I'd have thought the switch away from enforced "weak" DES encryption was significant. See: http://www.schneier.com/paper-keylength.html for some background. Kerberos5 introduced a framework which allowed for an exanding list of encryption types. For example the introduction of the camellia family of encryption types in recent versions of Kerberos5. Also Reference[2] from the above might prove useful. I'm sure I've only touched on the surface of this subject and more capable others could chime in. As a site we started with Kerberos4 in 1991 (I think) and migrated to Kerberos5 in 2004. We now have good interoperability with heimdal (My OpenBSD machines work well with our MIT kerberos-based machines) and, at least in theory, Microsoft's Active Directory. Shudder, I wouldn't want to go back. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK [email protected] Phone: +44 1225 386101 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
