Title: Charon: Kerberos Extensions For Authentication Over
Secondary Networks 
Authors: Derek A. Atkins    
File name:pubdocauthenticationDerek_Atkins-Charon.ps.Z  
File size: 205025 bytes  

Abstract: This thesis describes extensions to the
Kerberos Authentication System to enable a secure method of
Authentication over multiple networks. Kerberos was designed with
a fully-connected IP network in mind, however when you add dialup
capabilities to the picture, Kerberos doesn't expand to secure
the whole connection.  Charon was created to tackle this problem. 
It was developed to provide a way to securely authenticate to a
login server over a modem connection, without allowing a passive
attacker to gain enough information to impersonate the user. 
This means that a user can log into a Kerberized host without
typing his password in clear-text over the phone.  In addition,
no modifications to the login server's base operating system need
to be made in order to accomplish this.