Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What are the differences between Kerberos Version 4 and Version 5?

differences Kerberos version
0
10 Posted

What are the differences between Kerberos Version 4 and Version 5?

0 CommentsAdd a Comment

2 Answers

0
Profile photo of LindseyMyer LindseyMyer

The paper “The Evolution of the Kerberos Authentication System” is a very good description of the limitations of Kerberos 4 and what changes were made in Kerberos 5. This paper is available from . However, here is a quick list of the more important changes: • The key salt algorithm has been changed to use the entire principal name. • The network protocol has been completely redone and now uses ASN.1 encoding everywhere. • There is now support for forwardable, renewable, and postdatable tickets. • Kerberos tickets can now contain multiple IP addresses and addresses for different types of networking protocols. • A generic crypto interface module is now used, so other encryption algorithms beside DES can be used. • There is now support for replay caches, so authenticators are not vulnerable to replay. • There is support for transitive cross-realm authentication.

0 CommentsAdd a Comment
0

The paper “The Evolution of the Kerberos Authentication System” is a very good description of the limitations of Kerberos 4 and what changes were made in Kerberos 5. This paper is available from . However, here is a quick list of the more important changes: • The key salt algorithm has been changed to use the entire principal name. • The network protocol has been completely redone and now uses ASN.1 encoding everywhere. • There is now support for forwardable, renewable, and postdatable tickets. • Kerberos tickets can now contain multiple IP addresses and addresses for different types of networking protocols. • A generic crypto interface module is now used, so other encryption algorithms beside DES can be used. • There is now support for replay caches, so authenticators are not vulnerable to replay. • There is support for transitive cross-realm authentication.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123