next up previous
Next: 3.8.6 What are RC2 Up: 3.8 Misceallenous Previous: 3.8.4 What is SHS?

3.8.5 3..8..5. What is Kerberos?

Kerberos is a secret-key network authentication system developed at MIT; it uses DES for encryption and authentication. Unlike a public-key authentication system, it does not produce digital signatures: Kerberos was designed to authenticate requests for network resources rather than to authenticate authorship of documents. Kerberos provides real-time authentication in a distributed environment, but does not provide for future third-party verification of documents.

In a Kerberos system, there is a designated site on the network, called the Kerberos server, which performs centralized key management and administrative functions. The server maintains a database containing the secret keys of all users, generates session keys whenever two users wish to communicate securely, and authenticates the identity of a user who requests certain network services.

Kerberos, like other secret-key systems, requires trust in a third party, in this case the Kerberos server. If the server were compromised, the integrity of the whole system would fall. Public-key cryptography was designed precisely to avoid the necessity to trust third parties or communication lines (see Question 3.1.4). Kerberos may be adequate for those who do not need the more robust functions and properties of public-key systems.


next up previous
Next: 3.8.6 What are RC2 Up: 3.8 Misceallenous Previous: 3.8.4 What is SHS?
Denis Arnaud
12/19/1997