Kerberos Design

Cid Carlos Carlos.Cid at
Thu Sep 2 05:06:53 EDT 2004


You may want to have a look at these:

- Designing an Authentication System: a Dialogue in Four Scenes
- Limitations of the Kerberos Authentication System, Steven M. Bellovin, and
Michael Merrit, 1991 




I'm currently looking into implementing a single sign-on solution for
distributed services. 

The requirement profile seems to somewhat fit Kerberos, but I'm not entirely
convinced that I can use it in my scenario - which can't simply run an
off-the-shelf KDC and use UDP for communication with it.

However, years of reading various crypto resources have strongly conditioned
me against simple-minded attempts to "roll my own" as a crypto dilletante.

I've been trying to study Kerberos' design history in the recent past and
have failed to come up with a good resource that explains why things are
built the way they are. 

Since I'm already using OpenSSL for various SSL/x.509 related things, I'm
most astonished by the almost total absence of public key cryptography in
Kerberos, and I haven't been able to find out why this design choice was
made - performance reasons, given that at its inception public key operation
cost was probably much more prohibitive?

So, I'd like to ask the audience:

- Is there a good web/book/whatever resource regarding the design
  of Kerberos? Amazon offers the O'Reilly book, which, from the 
  abstract, seems to take the cryptographic design of Kerberos as 
  a given and concentrates on its usage, and another one that also
  doesn't seem to give much detail on the issue. Something in the
  direction of EKR's SSL/TLS book would be very much appreciated.

- Is Kerberos a sane choice to adapt for such solutions today?
  Is there anything more recent that I should be aware of?

[*Thomas  Themel*] 
[extended contact] But let your communication be, Yea, yea; Nay, nay: 
[info provided in] for whatsoever is more than these cometh of evil.
[*message header*]      - Matthew 5:37

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list