This page contains citations and references to information aboutKerberos and related systems.
Bill Bryant. Designing an Authentication System: a Dialogue inFour Scenes. 1988. Afterword by Theodore Ts'o, 1997.html
Brian Tung. The Moron's Guide to Kerberos.html
B. Clifford Neuman and Theodore Ts'o.Kerberos: An Authentication Service for Computer Networks,IEEE Communications,32(9):33-38. September 1994. html
John T. Kohl, B. Clifford Neuman, and Theodore Y. T'so,The Evolution of the Kerberos Authentication System.InDistributed Open Systems, pages 78-94.IEEE Computer Society Press, 1994.text ,postscript
John Kohl and B. Clifford Neuman. The Kerberos NetworkAuthentication Service (Version 5). Internet Request for Comments RFC-1510.September 1993.text
John Linn. The Kerberos Version 5 GSS-API Mechanism. Internet Requestfor Comments RFC 1964.text
Clifford Neumann. The Kerberos Network Authentication Service (V5).Internet Draft ietf-cat-kerb-kerberos-revision-04.txt,June 1999.text
Marc Horowitz. Kerberos Change Password Protocol,Internet Draft ietf-cat-kerb-chg-password-00, March 1997.text
B. Clifford Neuman, Brian Tung, and John Wray. Public Key Cryptography for Initial Authentication in Kerberos,Internet Draftietf-cat-kerberos-pk-init-09, July 1999.text
B. Clifford Neuman and Glen Zorn. Integrating One-time Passwordswith Kerberos,Internet Draftietf-cat-kerberos-passwords-02, April 1995.text. (Note:expired, new draft not yet available.)
J. Linn, Generic Security Service Application Program InterfaceVersion 2, Update 1. Internet Request for CommentsRFC-2743. (Obsoletes RFC2078) January 2000.text
J. Wray, Generic Security Service API Version 2 :C-bindings. Internet Request for Comments RFC-2744 (ObsoletesRFC1509) January 2000.text
B. Clifford Neuman. Proxy-Based Authorization and Accounting forDistributed Systems. InProceedings of the 13th InternationalConference on Distributed Computing Systems, pages 283-291, May 1993.postscript,compressed postscript
Marlena E. Erdos and Joseph N. Pato. Extending the OSF DCEAuthorization System to Support Practical Delegation. InProceedings of the 1993 PSRG Workshop on Network and DistributedSystem Security, February 1993. postscript
Bill Bryant. Designing an Authentication System: a Dialogue inFour Scenes. 1988. Afterword by Theodore Ts'o, 1997.html
J. G. Steiner, B. Clifford Neuman, and J.I. Schiller. Kerberos: AnAuthentication Service for Open Network Systems. InProceedings of the Winter 1988 Usenix Conference.February, 1988. (Version 4)text ,postscript
B. Clifford Neuman and Jennifer G. Steiner. Authentication ofUnknown Entities on an Insecure Network of Untrusted Workstations.InProceedings of the Usenix Workshop on Workstation Security,Portland, OR. August, 1988.postscript
S.P. Miller, B. C. Neuman, J. I. Schiller, and J.H. Saltzer. SectionE.2.1:Kerberos Authentication and Authorization System. ProjectAthena Technical Plan, MIT Project Athena, Cambridge, Massachusetts,October 1988. (Version 4)text ,postscript
S. M. Bellovin and M. Merritt. Limitations of the KerberosAuthentication System. InProceedings of the Winter 1991 UsenixConference. January 1991.postscript
B. Clifford Neuman and Stuart G. Stubblebine. A Note on the Use ofTimestamps as Nonces.Operating Systems Review, 27(2):10-14,April 1993. (unrefereed)compressed postscript
Tom Yu, Sam Hartman, and Ken Raeburn. The Perils ofUnauthenticated Encryption: Kerberos Version 4. InProceedings of the Network and Distributed SystemSecurity Symposium. The Internet Society, February2004.PDF,slides (PDF)