S. M. Bellovin
Abstract
The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.
Index Terms
- Limitations of the Kerberos authentication system
Recommendations
Public-Key Cryptography Enabled Kerberos Authentication
DESE '11: Proceedings of the 2011 Developments in E-systems EngineeringKerberos is a trusted third party authentication protocol based on symmetric key cryptography. This paper studies how Kerberos authentication standard can be extended to support public key cryptography. The paper aims to do this by implementing the most ...
Using Kerberos to provide secure authentication for DB2
CASCON '11: Proceedings of the 2011 Conference of the Center for Advanced Studies on Collaborative ResearchDuring your average day, how many times do you need to type in a username and password? It's common for this to be at least a dozen times, and quite often many more. Wouldn't you prefer to do it only once, when you log into your operating system? This ...
Comments