On Nov 3, 2014, at 4:28 AM, Jérémie Courrèges-Anglas <[email protected]> wrote:
> Philip Guenther <[email protected]> writes:
>
>> [apologies for the contentless previous message]
>>
>> On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther <[email protected]> wrote:
>>> On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill <[email protected]> wrote:
>>> ...
>>>> what about kerberos? (windows K5 vs Unix K5?)
>>
>> There's a bunch of *really good* papers on Kerberos's design which
>> discuss exactly these sorts of issues and how they are addressed or
>> completely avoided. I remember finding the one cast as a dialog
>> between two system programmers (one named Athena...) as a good intro
>> on this stuff.
>
> Yup. First "tutorial" link on this page:
>
> http://web.mit.edu/kerberos/papers.html
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

Here is a pretty good Black Hat talk about this: though it's Windows-specific, the gist of it is that Kerberos is just as broken as NTLM, since enforcement is client side.

-Nex6
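As an added illustration of the design the papers above describe (this is example code written for this page, not code from the thread, from the MIT papers, or from any Kerberos implementation), here is a toy Python model of the three Kerberos exchanges: AS (get a TGT), TGS (get a service ticket) and AP (present it to the service). The cipher, the realm and the principal names alice, host/fs and krbtgt are all constructed for the example. What it shows is which key each message is sealed under: the TGT under the KDC's own krbtgt key and the service ticket under the service's long-term key. The client carries those tickets but never holds either key, so it cannot read, mint or alter them, and the accept/reject decision is made by the party that holds the key. The last part of the demo tries a forged ticket, a tampered ticket and a mismatched authenticator and reports how the service answers each.

```python
import hashlib
import hmac
import json
import os
import time

LIFETIME = 300  # seconds a ticket or authenticator stays valid (constructed value)

# Toy authenticated encryption (HMAC-SHA256 keystream + HMAC tag), constructed so the
# script runs on the stdlib alone; real Kerberos uses AES-CTS with an HMAC checksum here.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, msg: dict) -> bytes:
    """Encrypt-then-MAC a JSON message: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    pt = json.dumps(msg, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag first: anything not sealed under `key` raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: not sealed under this key, or modified in transit")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def _check(ticket: dict, auth: dict) -> None:
    """Checks every ticket consumer makes: lifetime, name binding, freshness."""
    now = time.time()
    if ticket["exp"] < now:
        raise ValueError("ticket expired")
    if auth["cname"] != ticket["cname"]:
        raise ValueError("authenticator name does not match ticket")
    if abs(now - auth["ts"]) > LIFETIME:
        raise ValueError("stale authenticator")

def authenticator(session_key: bytes, cname: str) -> bytes:
    """Client side: prove possession of the session key with a fresh timestamp."""
    return seal(session_key, {"cname": cname, "ts": time.time()})

class KDC:
    def __init__(self, keys: dict):
        self.keys = keys  # principal name -> long-term key; "krbtgt" is the TGS key

    def as_exchange(self, cname: str) -> bytes:
        # AS-REP: TGT sealed under krbtgt's key, the reply itself under the client's key
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"cname": cname, "sk": sk.hex(), "exp": time.time() + LIFETIME})
        return seal(self.keys[cname], {"sk": sk.hex(), "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, auth: bytes, service: str) -> bytes:
        t = unseal(self.keys["krbtgt"], tgt)  # only the KDC can open or validate a TGT
        sk = bytes.fromhex(t["sk"])
        _check(t, unseal(sk, auth))
        ssk = os.urandom(32)
        ticket = seal(self.keys[service], {"cname": t["cname"], "sk": ssk.hex(), "exp": time.time() + LIFETIME})
        return seal(sk, {"sk": ssk.hex(), "ticket": ticket.hex()})

class Service:
    def __init__(self, key: bytes):
        self.key = key  # the service's long-term key; the client never holds it

    def accept(self, ticket: bytes, auth: bytes) -> str:
        """AP-REQ: the accept/reject decision is made here, under a key the client lacks."""
        t = unseal(self.key, ticket)
        _check(t, unseal(bytes.fromhex(t["sk"]), auth))
        return t["cname"]

def _try(service: Service, ticket: bytes, auth: bytes) -> str:
    try:
        return "accepted as " + service.accept(ticket, auth)
    except ValueError:
        return "rejected"

def run_demo() -> dict:
    # Constructed realm: principals "alice" and "host/fs", plus the TGS key "krbtgt".
    keys = {"krbtgt": os.urandom(32), "alice": os.urandom(32), "host/fs": os.urandom(32)}
    kdc, fs = KDC(keys), Service(keys["host/fs"])
    rep = unseal(keys["alice"], kdc.as_exchange("alice"))  # AS exchange
    sk, tgt = bytes.fromhex(rep["sk"]), bytes.fromhex(rep["tgt"])
    rep = unseal(sk, kdc.tgs_exchange(tgt, authenticator(sk, "alice"), "host/fs"))  # TGS exchange
    ssk, ticket = bytes.fromhex(rep["sk"]), bytes.fromhex(rep["ticket"])
    # Client-side attempts to change what the service decides:
    forged = seal(os.urandom(32), {"cname": "admin", "sk": ssk.hex(), "exp": time.time() + LIFETIME})
    tampered = bytearray(ticket)
    tampered[20] ^= 0x01  # flip one ciphertext byte of the genuine ticket
    return {
        "honest": _try(fs, ticket, authenticator(ssk, "alice")),  # AP exchange
        "forged_ticket": _try(fs, forged, authenticator(ssk, "admin")),
        "tampered_ticket": _try(fs, bytes(tampered), authenticator(ssk, "alice")),
        "wrong_name": _try(fs, ticket, authenticator(ssk, "admin")),
    }
```

Running `run_demo()` gives `accepted as alice` for the honest path and `rejected` for the other three: the forged ticket fails the tag check because the client had to pick its own key, the tampered one fails the same check, and the mismatched authenticator fails the name binding. Everything the client can do is restricted to messages sealed under keys it legitimately holds (its own long-term key and the session keys), which is the point the design papers make about where enforcement sits.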

