@device(PostScript) @make(Plan) @use(bibliography "kerberos/krb.bib") @style(references=CACM, BibSelect=Complete) @planhead(versiondate="27 Oct 1988", plansection="Section E.2.1", copyrightdate="1985, 1986, 1987", title="Kerberos Authentication and Authorization System", author="by S. P. Miller, B. C. Neuman, J. I. Schiller, @~ and J. H. Saltzer") @quotation{@g; also spelled @i(Cerberus).@ @ @i["n. The watch dog of Hades, whose duty it was to guard the entrance@Yagainst whom or what does not clearly appear; . . . is known to have had three heads. . ."] @flushright[@YAmbrose Bierce, @i(The Enlarged Devil's Dictionary)]} @blankspace(0.25inches) This document describes the assumptions, short and long term goals, and system model for a network authentication system, named Kerberos, for the Athena environment. An appendix specifies the detailed design and protocols to support these goals, and a set of UNIX@foot[UNIX is a trademark of AT&T Bell Laboratories.] manual pages, not included here, describes an implementation for Berkeley 4.3 UNIX of both user interface commands and also library interfaces for clients and servers. The next section of the technical plan, E.2.2, describes a set of network applications that use Kerberos for authentication. @tabclear() @tabset(4 char, +4char, +4char, +4char,+4char, +4char, +4char,+4char, +4char, +4char,+4char, +4char, +4char,+4char, +4char, +4char,+4char, +4char) @include(kerberos/plan.mss) @include(kerberos/database.mss) @include(kerberos/authorization.mss) @include(kerberos/ack.mss) @newpage() @Majorsection(Appendix I@YDesign Specifications) This section contains detailed design specifications for the current implementation of Kerberos. It is of interest primarily to implementers. @include(kerberos/design.mss) @include(kerberos/wellknown.mss) @include(kerberos/history.mss) @newpage() @Majorsection(Appendix II@YThe Kerberos Encryption Library) @include(kerberos/encrypt.mss)