Title :
Extensible Pre-authentication Kerberos
Author :
Hellewell, P.L. ; van der Horst, T.W. ; Seamons, K.E.
Author_Institution :
Brigham Young Univ., Provo
Abstract :
Kerberos is a well-established authentication system. As new authentication methods arise, incorporating them into Kerberos is desirable. However, extending Kerberos poses challenges due to a lack of source code availability for some implementations and a lengthy standardization process. This paper presents Extensible Pre-Authentication in Kerberos (EPAK), a Kerberos extension that enables many authentication methods to be loosely coupled with Kerberos, without further modification to Kerberos. To demonstrate the utility of the framework, two authentication methods for open systems are presented that have been implemented as Kerberos extensions using EPAK. These extensions illustrate the flexibility EPAK brings to Kerberos while maintaining backwards compatibility.
Keywords :
distributed processing; message authentication; Kerberos; authentication methods; authentication system; extensible preauthentication; source code availability; Application software; Authentication; Computer security; Cryptography; Government; Internet; Open systems; Protocols; Scalability; Standardization;
Conference_Titel :
Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
978-0-7695-3060-4
DOI :
10.1109/ACSAC.2007.33
