Title
Specifying Kerberos over EAP: Towards an integrated network access and Kerberos single sign-on process
Abstract
Kerberos is a widely deployed authentication system used for authenticating users to various types of application services in open networks. Network access on the other hand is a service that is generally handled separately using authentication frameworks based on the Extensible Authentication Protocol (EAP). The EAP protocol specified by the IETF in RFC3748 is well on its way to becoming an industry standard for network access control. It provides an extensible, link layer agnostic protocol for carrying various authentication methods. In this paper, we design the integration of the Kerberos protocol as an authentication method in existing EAP-based authentication frameworks. We define the architectural elements and their interactions, then we specify the encapsulation of Kerberos messages in EAP packets. The use of Kerberos as an EAP authentication mechanism allows institutions managing their individuals using a Kerberos system to re-use the same credentials for network access authentication instead of managing a different set of credentials such as Unix passwords or public key certificates. Moreover, the proposed framework allows users to sign-on in the network as a consequence of successful network access authentication, eliminating the need for additional login procedures necessary for accessing application services.
Year
2007
DOI
10.1109/AINA.2007.130
Venue
AINA
Keywords
access protocols, authorisation, formal specification, message authentication, Kerberos message encapsulation, Kerberos protocol, Kerberos single sign-on process, Kerberos specification, Kerberos system, authentication frameworks, authentication system, extensible authentication protocol, integrated network access, link layer agnostic protocol, login procedures, network access authentication, network access control, open networks, user authentication
Field
Lightweight Extensible Authentication Protocol, Challenge-Handshake Authentication Protocol, Computer security, Challenge–response authentication, Computer science, Computer network, Generic Security Service Algorithm for Secret Key Transaction, Kerberos, Authentication protocol, Protected Extensible Authentication Protocol, Multi-factor authentication
DocType
Conference
ISBN
0-7695-2846-5
Citations
3
PageRank
0.47
References
4
Authors
2
Name
Order
Citations
PageRank
Saber Zrelli192.50
Yoichi Shinoda2554139.63