Kerberos Design

Joseph Ashwood ashwood at
Fri Sep 3 19:23:58 EDT 2004

> I'm currently looking into implementing a single sign-on solution for
> distributed services.

Be brave, there's more convolutions and trappings there than almost anywhere

> Since I'm already using OpenSSL for various SSL/x.509 related things,
> I'm most astonished by the almost total absence of public key
> cryptography in Kerberos, and I haven't been able to find out why this
> design choice was made - performance reasons, given that at its
> inception public key operation cost was probably much more prohibitive?

Actually the primary reason I've heard had more to do with the licensing
costs (at the time they were not free) than with anything else. You will
however find PKI extensions to Kerberos, don't remember the RFC off-hand.

> - Is there a good web/book/whatever resource regarding the design
>   of Kerberos? Amazon offers the O'Reilly book, which, from the
>   abstract, seems to take the cryptographic design of Kerberos as
>   a given and concentrates on its usage, and another one that also
>   doesn't seem to give much detail on the issue. Something in the
>   direction of EKR's SSL/TLS book would be very much appreciated.

From my understanding Kerberos was originally thrown together at MIT, then
it was broken, and patched, and broken and patched, until it was relatively
recently qualified to be implemented in Windows, so you're not likely to
find much in the way of well thought-out arguments governing the little
details. In fact many of the decisions seem to be based on "My pet project
is . . . ."

> - Is Kerberos a sane choice to adapt for such solutions today?
>   Is there anything more recent that I should be aware of?

Kerberos is a very sane choice, it may not be the cleanest design ever but
it has withstood a great deal of analysis. Actually, I was a member of a
group that was working on a replacement for Kerberos because of its age and
potential issues in the future, but we fell into substantial disarray, and
eventually it collapsed. Given this, I can confidently say that it is
unlikely that you will find something in the Kerberos vein that is newer.

Trust Laboratories
Changing Software Development 

The Cryptography Mailing List