Difference between revisions of "Projects/FAST"
From K5Wiki
< Projects
SamHartman (talk | contribs) (New page: {{project-early}} [http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-fw.txt FAST] is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-a...) |
KenRaeburn (talk | contribs) m (fix case) |
||
Line 1: | Line 1: | ||
{{project-early}} |
{{project-early}} |
||
− | [http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-fw.txt FAST] is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. |
+ | [http://tools.ietf.org/internet-drafts/draft-ietf-krb-wg-preauth-fw.txt FAST] is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. FAST provides increased resistance to passive passive password guessing attacks. |
==Functional requirements== |
==Functional requirements== |
Revision as of 11:47, 8 January 2008
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.
FAST is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armoured KDC messages. FAST provides increased resistance to passive passive password guessing attacks.
Contents
Functional requirements
- Implement FAST and the appropriate timestamp mechanism that is standardardized by the working group.
- Provide a plugin interface so that third parties can write FAST factors.
- Implement Anonymous Pkinit
Plugin interface
The plugin interface needs to be suitable to be a public API.
Design
This project or section is a stub and needs additional work before this project can be considered.
This design would need to cover the following elements:
How are host tickets obtained? Do we just use anonymous pkinit all the time or do we cache host tickets to use? If so, how is privilege separation handled?
API for plugin interface
External Dependencies
The FAST proposal has not yet been approved by the IETF.