Talk:Kerberos: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
(comment)
imported>Sandy Harris
(comment)
Line 23: Line 23:
:: Kerberos has very different functions than PGP. Including PGP support in a mail client is useful, arguably essential; including Kerberos is not.
:: Kerberos has very different functions than PGP. Including PGP support in a mail client is useful, arguably essential; including Kerberos is not.
:: However, what if you want a network login — I can log in at any end-user machine (X terminal, desktop PC, ...) with the same ID and get the same access to server resources — printers, shared files, ...? PGP cannot give you that; Kerberos can. Its goal is not just to provide secure session keys but to provide mechanisms for managing identities and privileges. Given that goal, you must have some sort of central server to manage IDs so they are visible across the network and to manage privileges — keep the engineers out of the personnel data, allow teachers access to some things students cannot see, etc.
:: However, what if you want a network login — I can log in at any end-user machine (X terminal, desktop PC, ...) with the same ID and get the same access to server resources — printers, shared files, ...? PGP cannot give you that; Kerberos can. Its goal is not just to provide secure session keys but to provide mechanisms for managing identities and privileges. Given that goal, you must have some sort of central server to manage IDs so they are visible across the network and to manage privileges — keep the engineers out of the personnel data, allow teachers access to some things students cannot see, etc.
:: It is widely used. Here are links for [http://www.sun.com/security/kerberos/index.jsp Sun], [http://developer.apple.com/opensource/kerberosintro.html Apple], [https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA HP] and [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html IBM]. [[User:Sandy Harris|Sandy Harris]] 13:44, 26 November 2009 (UTC)
:: It is widely used. Here are links for [http://www.sun.com/security/kerberos/index.jsp Sun], [http://developer.apple.com/opensource/kerberosintro.html Apple], [https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA HP] and [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html IBM]. [[User:Sandy Harris|Sandy Harris]] 13:48, 26 November 2009 (UTC)

Revision as of 07:49, 26 November 2009

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
To learn how to update the categories for this article, see here. To update categories, edit the metadata template.
 Definition A protocol using a central server to provide two clients with a shared session key, without either client having to publish a public key. [d] [e]
Checklist and Archives
 Workgroup category Computers [Categories OK]
 Subgroup category:  Security
 Talk Archive none  English language variant American English

I just changed the definition to reflect what I think are the key points about this protocol. I'm not an expert in Kerberos, but it looks to me like it has no advantage over a public-key system, and a few serious disadvantages. I'm thinking of adding to the article something like the following paragraph, but I would like to get some feedback first.

Kerberos has largely been replaced by public-key systems. Both have the objective of providing a secret session key to allow encrypted communications between two clients. Both need a central server, one to distribute public keys for each client, the other to hold secret keys for each client. The server with secret keys for all clients must be very secure, much more than is required for the server holding only the public keys of all clients.

See http://en.wikipedia.org/wiki/Kerberos_(protocol)#Drawbacks for more on the disadvantages of Kerberos.

"Authentication Protocols", section 8.3 in Peterson & Davie, Computer Networks, 4th ed. (Morgan Kaufmann, 2007).
"Authentication Protocols", section 8.7 in Tanenbaum, Computer Networks, 4th ed. (Prentice Hall, 2003).
"Authentication and Authorization Controls", R. Bragg, chapter 6 in Network Security: The Complete Reference (McGraw-Hill, 2004).
--David MacQuigg 17:12, 25 November 2009 (UTC)

I think the suggested text above is wrong. For one thing, newer versions of Kerberos do use public key techniques, see for example RFC 4556. For another, it has not "largely been replaced"; it is still extremely widely deployed. As far as I know it is still the basic mechanism used in Windows network authentication.
That said, you are raising valid points. Kerberos has limitations and there are alternatives; both need to be covered. Sandy Harris 10:07, 26 November 2009 (UTC)
I read the introduction to RFC-4556, and it is not clear to me why anyone would want to add a public-key step to an already too-complex protocol. The goal is to provide a secure session key to two parties using an insecure network. That can be done directly, using public keys only, without requiring either party to reveal its secret key. PGP does it this way.
"Largely replaced" may be the wrong choice of words. Microsoft alone would qualify it as "widely deployed". I see that it is not included in Thunderbird (the most popular email client in the open-source community) or in Apple's mail client. Are there any major deployments outside of the Microsoft world?
Maybe we should just say Kerberos has no fundamental advantage over a public-key system, and a few serious disadvantages (listed in the Wikipedia article). This is the kind of fundamental summary information we need in a CZ article, information that is *not* in the textbooks or RFCs. --David MacQuigg 12:49, 26 November 2009 (UTC)
Kerberos has very different functions than PGP. Including PGP support in a mail client is useful, arguably essential; including Kerberos is not.
However, what if you want a network login — I can log in at any end-user machine (X terminal, desktop PC, ...) with the same ID and get the same access to server resources — printers, shared files, ...? PGP cannot give you that; Kerberos can. Its goal is not just to provide secure session keys but to provide mechanisms for managing identities and privileges. Given that goal, you must have some sort of central server to manage IDs so they are visible across the network and to manage privileges — keep the engineers out of the personnel data, allow teachers access to some things students cannot see, etc.
It is widely used. Here are links for Sun, Apple, HP and IBM. Sandy Harris 13:48, 26 November 2009 (UTC)