Quote: Andrew uses authentication tokens to prove identity; like a capability; established by secret and clear tokens

Quotation Skeleton

An authentication token [for Andrew] is an object whose … [A user receives a pair of authentication tokens from an authentication server in order to perform secure RPCs. This is done using a user's password as the handshake key]. [An authentication token] is like a Capability [Jones and Wolf, Softw. Pract. Exper. 1975] in that no consultation … that it establishes identity rather than granting rights. … [One token is Secret the other is Clear. They contain the user's Vice id, a handshake key, a unique handle, and validity timestamps for 24 hours. The secret token also contains a self-identification string and random bits. The secret token is encrypted by a key known to the authentication server and Vice file servers. For establishing RPC connections, the secret token is ClientIdent while the clear token is the handshake key. ... [p. 278] For version … used for authentication.   Google-1   Google-2

Copyright clearance needed for quotation.

Additional Titles

Quote: Andrew will adopt Kerberos' authentication procedure; for standardization

Related Topics

Topic: authentication (87 items)
Topic: security by capabilities (65 items)