Architectures & Technologies ...
Kerberos
- Features
  - Three Party Ticket Authentication Model
  - Private Key Encrypted Tickets used as Credentials
  - Reduces Logins and Exposure to Password Sniffing
  - Time Limits on Session Tickets
  - Scalable/Interoperable Authentication
- Problems
  - Seamless Web Integration
  - Limited Desktop Support
  - User Education
  - Unix and K4 to K5 Migration
Notes:
Kerberos provides excellent secure authentication using a three-party handshake between the client, security server, and service. It does not provide encrypted communication channels once authentication is completed. Kerberos credentials (tickets), once obtained, can be used to initiate new sessions without resubmitting the account name and password. Because version 5 of Kerberos uses a different “crypt” function than the Unix password system or Kerberos version 4, migration can be a problem for large populations. Desktop client support is also limited, and end-user education issues must be resolved. This may be addressed in Microsoft’s future Kerberos integration in their Windows and Internet Explorer product lines.
http://web.mit.edu/kerberos/www.index.html
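
The three-party ticket flow described in the notes, as an added example that is not part of the original slides: a security server issues a time-limited ticket, and the client reuses it for new sessions without sending the password again. The function names, the JSON ticket layout and the HMAC-based toy cipher are assumptions for illustration; real Kerberos uses its own encryption types and a separate ticket-granting step.

```python
import hashlib, hmac, json, os
# Added illustration: names, JSON layout and toy cipher are assumptions, not Kerberos wire format.

def _pad(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy cipher for illustration only).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Encrypt-then-MAC under one shared secret key; stands in for a real Kerberos enctype.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _pad(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct)))))

def kdc_issue(user_keys, service_keys, user, service, now, lifetime=300):
    # Security server: knows every long-term key and mints a fresh session key.
    sk = os.urandom(32).hex()
    ticket = seal(service_keys[service], {"user": user, "key": sk, "exp": now + lifetime})
    reply = seal(user_keys[user], {"service": service, "key": sk, "exp": now + lifetime})
    return reply, ticket

def client_session_key(password, salt, reply):
    # The password is used once, locally, to open the KDC reply; it never goes on the wire.
    user_key = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
    return bytes.fromhex(unseal(user_key, reply)["key"])

def client_authenticator(session_key, user, now):
    # Sent with the ticket for each new session; needs the session key, not the password.
    return seal(session_key, {"user": user, "ts": now})

def service_accept(service_key, ticket, authenticator, now, skew=60):
    t = unseal(service_key, ticket)          # only the service can open the ticket
    if now > t["exp"]:
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"] or abs(now - a["ts"]) > skew:
        raise PermissionError("authenticator rejected")
    return t["user"]
```

Presenting the same ticket with a fresh authenticator succeeds until `exp`; after that `service_accept` raises `PermissionError`, which is the time limit on session tickets listed under Features.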