Kerberos 2/6

• Design requirements:

  • Single sign-on (i.e., the password is used only once for the initial login sequence)
  • Passwords are not transmitted in the clear (i.e., the system is resistant against password sniffing attacks)
  • No use of public key cryptography

• In the Kerberos architecture, every realm (security domain) must operate a physically secure environment that hosts a key distribution center (KDC)

• The KDC maintains a database with a secret key Kp for every principal P

Previous slide

Next slide

Back to first slide

View graphic version