This page contains citations and references to information about Kerberos and related systems.
Bill Bryant. Designing an Authentication System: a Dialogue in Four Scenes. 1988. Afterword by Theodore Ts'o, 1997. html
Brian Tung. The Moron's Guide to Kerberos. html
B. Clifford Neuman and Theodore Ts'o. Kerberos: An Authentication Service for Computer Networks, IEEE Communications, 32(9):33-38. September 1994. html
John T. Kohl, B. Clifford Neuman, and Theodore Y. Ts'o. The Evolution of the Kerberos Authentication System. In Distributed Open Systems, pages 78-94. IEEE Computer Society Press, 1994. text, postscript
John Kohl and B. Clifford Neuman. The Kerberos Network Authentication Service (Version 5). Internet Request for Comments RFC-1510. September 1993. text
John Linn. The Kerberos Version 5 GSS-API Mechanism. Internet Request for Comments RFC 1964. text
Clifford Neuman. The Kerberos Network Authentication Service (V5). Internet Draft ietf-cat-kerb-kerberos-revision-04.txt, June 1999. text
Marc Horowitz. Kerberos Change Password Protocol, Internet Draft ietf-cat-kerb-chg-password-00, March 1997. text
B. Clifford Neuman, Brian Tung, and John Wray. Public Key Cryptography for Initial Authentication in Kerberos, Internet Draft ietf-cat-kerberos-pk-init-09, July 1999. text
B. Clifford Neuman and Glen Zorn. Integrating One-time Passwords with Kerberos, Internet Draft ietf-cat-kerberos-passwords-02, April 1995. text. (Note: expired, new draft not yet available.)
J. Linn. Generic Security Service Application Program Interface Version 2, Update 1. Internet Request for Comments RFC-2743. (Obsoletes RFC2078) January 2000. text
J. Wray. Generic Security Service API Version 2: C-bindings. Internet Request for Comments RFC-2744 (Obsoletes RFC1509) January 2000. text
B. Clifford Neuman. Proxy-Based Authorization and Accounting for Distributed Systems. In Proceedings of the 13th International Conference on Distributed Computing Systems, pages 283-291, May 1993. postscript, compressed postscript
Marlena E. Erdos and Joseph N. Pato. Extending the OSF DCE Authorization System to Support Practical Delegation. In Proceedings of the 1993 PSRG Workshop on Network and Distributed System Security, February 1993. postscript
J. G. Steiner, B. Clifford Neuman, and J. I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In Proceedings of the Winter 1988 Usenix Conference. February, 1988. (Version 4) text, postscript
B. Clifford Neuman and Jennifer G. Steiner. Authentication of Unknown Entities on an Insecure Network of Untrusted Workstations. In Proceedings of the Usenix Workshop on Workstation Security, Portland, OR. August, 1988. postscript
S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer. Section E.2.1: Kerberos Authentication and Authorization System. Project Athena Technical Plan, MIT Project Athena, Cambridge, Massachusetts, October 1988. (Version 4) text, postscript
S. M. Bellovin and M. Merritt. Limitations of the Kerberos Authentication System. In Proceedings of the Winter 1991 Usenix Conference. January 1991. postscript
B. Clifford Neuman and Stuart G. Stubblebine. A Note on the Use of Timestamps as Nonces. Operating Systems Review, 27(2):10-14, April 1993. (unrefereed) compressed postscript
Tom Yu, Sam Hartman, and Ken Raeburn. The Perils of Unauthenticated Encryption: Kerberos Version 4. In Proceedings of the Network and Distributed System Security Symposium. The Internet Society, February 2004. PDF, slides (PDF)