Kerberos Design

[Thomas Themel]

Hi,

I'm currently looking into implementing a single sign-on solution for
distributed services. 

The requirement profile seems to somewhat fit Kerberos, but I'm
not entirely convinced that I can use it in my scenario - which can't
simply run an off-the-shelf KDC and use UDP for communication with it.

However, years of reading various crypto resources have strongly
conditioned me against simple-minded attempts to "roll my own" as a
crypto dilletante.

I've been trying to study Kerberos' design history in the recent past
and have failed to come up with a good resource that explains why things
are built the way they are. 

Since I'm already using OpenSSL for various SSL/x.509 related things,
I'm most astonished by the almost total absence of public key
cryptography in Kerberos, and I haven't been able to find out why this
design choice was made - performance reasons, given that at its
inception public key operation cost was probably much more prohibitive?

So, I'd like to ask the audience:

- Is there a good web/book/whatever resource regarding the design
  of Kerberos? Amazon offers the O'Reilly book, which, from the 
  abstract, seems to take the cryptographic design of Kerberos as 
  a given and concentrates on its usage, and another one that also
  doesn't seem to give much detail on the issue. Something in the
  direction of EKR's SSL/TLS book would be very much appreciated.

- Is Kerberos a sane choice to adapt for such solutions today?
  Is there anything more recent that I should be aware of?

thanks,
-- 
[*Thomas  Themel*] 
[extended contact] But let your communication be, Yea, yea; Nay, nay: 
[info provided in] for whatsoever is more than these cometh of evil.
[*message header*]      - Matthew 5:37
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20040901/143cce35/attachment.pgp>