Hello, When studying Kerberos literature, I sometimes bounce into statements regarding "the well-documented shortcomings of Kerberos".
I am aware of the problems due to weak principal passwords, and of the aggrevation of this risk due to the lack of Perfect Forward Secrecy. I understand that clocks are assumed to be secure, which is rarely a fact. What I don't know is if this is all I need to know. I can find a few documents, but some appear really old. Is there an overview documenting weaknesses in today's Kerberos? Thanks, -Rick ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos