Kerberos n00b question.
Russ Allbery
eagle at eyrie.org
Mon Jan 7 13:53:07 EST 2019
Grant Taylor <gtaylor at tnetconsulting.net> writes:
> On 01/07/2019 10:53 AM, Russ Allbery wrote:
>> The standard solution for this is FAST, which protects the initial
>> authentication against this attack. (You do need some other credential
>> to set up the FAST tunnel, but you can use anonymous Diffie-Hellman via
>> anonymous PKINIT, or you can use a randomized key.)
> Would you please expand (what I assume is) the FAST acronym? I expect
> that there will be quite a few phonetic collisions searching for "FAST".
I think it stands for Flexible and Secure Tunneling. It's defined in:
https://tools.ietf.org/html/rfc6113.html
The keywords "kerberos fast" in Google seem to turn up the right stuff
(rather more than I had expected; I like you was expecting that to be
drowned by performance stuff).
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list