Title: Limitations Of The Kerberos Authentication System 
Authors: Steven M. Bellovin  Michael Merritt    
File name:pubdocauthenticationkerberos_limits.ps.Z  
File size: 66705 bytes 

Abstract: The Kerberos authentication system, a part of MIT's
Project Athena, has been has adopted by other organizations.
Despite Kerberos's many strengths, it has a number of limitations
and some weaknesses.  Some are due to specifics of the MIT
environment; others represent deficiencies in the protocol
design.  We discuss a number of such problems, and present
solutions to some of them. We also demonstrate how
special-purpose cryptographic hardware may be needed in some
cases.