Extensible Pre-authentication Kerberos

Extensible Pre-authentication Kerberos

Kerberos is a well-established authentication system. As new authentication methods arise, incorporating them into Kerberos is desirable. However, extending Kerberos poses challenges due to a lack of source code availability for some implementations and a lengthy standardization process. This paper...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hellewell, P.L., van der Horst, T.W., Seamons, K.E.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Application software
Authentication
Computer security
Cryptography
Government
Internet
Open systems
Protocols
Scalability
Standardization
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Kerberos is a well-established authentication system. As new authentication methods arise, incorporating them into Kerberos is desirable. However, extending Kerberos poses challenges due to a lack of source code availability for some implementations and a lengthy standardization process. This paper presents Extensible Pre-Authentication in Kerberos (EPAK), a Kerberos extension that enables many authentication methods to be loosely coupled with Kerberos, without further modification to Kerberos. To demonstrate the utility of the framework, two authentication methods for open systems are presented that have been implemented as Kerberos extensions using EPAK. These extensions illustrate the flexibility EPAK brings to Kerberos while maintaining backwards compatibility.
ISSN:1063-9527
2576-9103
DOI:10.1109/ACSAC.2007.33