You are here

Why do we need Kerberos?

Printer-friendly versionPrinter-friendly version
Note: This is an historical document, dating from the original design of the DICE infrastructure. It's retained here both for interest, and for the sake of the historical record.

Why do we need kerberos ?

Authentication is the process of identifying yourself to the network and is fundamental to the security of computer systems. Without knowing who is requesting an operation it is hard to decide whether the operation should be allowed. Weak authentication systems are authentication by assertion and assume that services and machines cannot be compromised or spoofed and that network traffic cannot be monitored. Strong authentication systems that do not disclose secrets on the network and use encryption are becoming increasingly popular and important.

All Informatics sites used to use weak authentication, where passwords for login and applications (such as mail tools) travelled in clear text from client to server across the network. This kind of weak authentication is very common and has been used for many years in most UNIX installations. It is however completely unsuitable for authentication of users in un-trusted environments, which the increasing use of portable and self-managed machines is creating here.

Our requirement to combine the old user spaces from the pre-existing administrative domains into one single user space for the whole of Informatics means that new account management procedures have had to
be developed, with a review of the security model. The sharing of services by sites across networks not managed directly by us, and support for more intermittently connected and self-managed machines, means there is even more reason to move away from machine and network trust; and we can no longer realistically condone the continued use of weak authentication. Hence an alternative technology and infrastructure must be sought.

Kerberos has:

  • Strong mutual authentication. Secrets are not transmitted across the network. Critical authentication data is encrypted. The client (normally a user) is authenticated to the server and the server is authenticated to the client. The client identity is used to authorize services on the server. The server identity prevents the spoofing and hijacking of services.
  • Single sign-on. A user convenience meaning a single identity and password can be used for many (in principal all if kerberized) school (and potentially University with cross realm support) services with only one login sequence.

There is no real alternative to Kerberos for strong authentication, except through the use of a public key infrastructure (PKI). However PKI is relatively new technology and there is little that is mature enough to be trusted let alone deployed and distributed as a supported production system. Work is being done to add public key support to the Kerberos standard. One-time passwords are too inconvenient for the user to be a realistic internal alternative. The availability of a central Kerberos service that could also authenticate Win2k clients would be very desirable.

Last reviewed: 

System Status

Home dirs (AFS)
Other services
Scheduled downtime

Choose a topic