
Network Authentication: Kerberos

When a doctor walks up to a workstation to access a patient's record, the data will almost certainly not be stored locally on the workstation, but somewhere else on the network. Because communication must take place between the client workstation and the server system where the data actually resides, the user needs to authenticate to the server system, not the client system. If a password is used, it will be transmitted across the network in cleartext and be open to eavesdropping. One system designed to address this problem is the Kerberos system developed at MIT. The major drawback of Kerberos is that it requires a common security policy among all systems using it, and a common "key server" for supplying encrypted tokens. This can cause problems in a heterogeneous environment where machines are constantly entering and leaving the network, and can also be a performance bottleneck.


Kevin S. McCurley
Sat Mar 11 16:00:15 MST 1995