Re: Why is Kerberos ever used, rather than modern public key cryptography?



On 2010-03-10, Joseph Ashwood <ashwood@xxxxxxx> wrote:
"chris" <where.you.wanna.be@xxxxxxxxx> wrote in message
news:f26e203e-3a1e-4d4e-b83e-64c7be73666a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
It's possible that I've misunderstood it, but Kerberos seems like a
hassle in comparison to modern public key cryptography, and they seem
to accomplish similar goals. Where is the distinction drawn?

Kerberos is actually a very sophisticated system, with many capabilities
beyond a simple public key system. Kerberos is about authenticating people
based on a small secret, this secret can be kept on a smartcard and it can

Either way you have to have an entity you can trust, either the Kerberos
server or the server that gives out the public keys. Kerberos was developed
and was free back when public key was still encumbered by patents and
licenses.
.



Relevant Pages

  • Re: Unix (pam) authorization with required public key
    ... You probably should have a look at kerberos and limit your ssh server to ... and others like public key authentication. ... I don't want to setup authorization through a public key. ...
    (SSH)
  • Re: Six Kerberos/OS X/SSH observations and questions
    ... >>3) I've had public key SSH logins working well between all three boxes ... > Kerberos has the following advantages, which may or may not be of interest ... > has been using public key pairs for authentication, ...
    (comp.security.ssh)
  • Re: Globus/GSI versus Kerberos
    ... > was really driven politically from the top, and he thought Kerberos ... password and then used digital signature authentication with the onfile ... public key. ... an authentication & authorization business process infrastructure. ...
    (comp.protocols.kerberos)
  • Re: Encoding / decoding strings
    ... server then can extract from them, ... There are several ways to accomplish this - your MD5-suggestion is applyable ... when working with a simple secret and by creating an additional parameter. ... either symetric or public key - I'm not an expert on that though. ...
    (comp.lang.python)
  • Re: SSH version 2 "Server refused our key" error
    ... AFAIK, the public key should be copied to $HOME/.ssh/authorized_keys, ... > RhostsRSAAuthentication no ... > # To disable tunneled clear text passwords, ... > # Kerberos TGT Passing does only work with the AFS kaserver ...
    (SSH)