The Use of Encryption in Kerberos for Network Authentication
In a workstation environment, the user often has complete control over the workstation. Workstation operating systems therefore cannot be trusted to accurately identify their users. Some other method of authentication is needed, and this motivated the design and implementation of the Kerberos authentication service.
Kerberos is based on the Needham and Schroeder trusted third-party authentication model, using private-key encryption. Each user and network server has a key (like a password) known only to it and the Kerberos database. A database server uses this knowledge to authenticate network entities to one another.
The encryption used to achieve this authentication, the protocols currently in use and the protocols proposed for future use are described.
- Steven P. Miller. Private communication.
- Steven P. Miller, B. Clifford Neuman, Jeffrey I. Schiller, and Jerome H. Saltzer. Section E.2.1: Kerberos Authentication and Authorization System. Project Athena Technical Plan, December 1987.
- Roger M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993–999, December 1978.
- National Bureau of Standards. Data Encryption Standard. Federal Information Processing Standards Publication, 46, 1977.
- National Bureau of Standards. DES Modes of Operation. Federal Information Processing Standards Publication, 81, 1980.
- Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. Usenix Conference Proceedings, pages 183–190, February 1988.
- R. W. Watson. Timer-Based Mechanisms in Reliable Transport Protocol Connection Management. Computer Networks, 5, 1981.