Abstract

Kerberos is a widely deployed authentication system used for authenticating users to various types of application services in open networks. Network access, on the other hand, is a service that is generally handled separately, using authentication frameworks based on the Extensible Authentication Protocol (EAP). EAP, specified by the IETF in RFC 3748, is well on its way to becoming an industry standard for network access control. It provides an extensible, link-layer-agnostic protocol for carrying various authentication methods. In this paper, we design the integration of the Kerberos protocol as an authentication method in existing EAP-based authentication frameworks. We define the architectural elements and their interactions, then we specify the encapsulation of Kerberos messages in EAP packets. The use of Kerberos as an EAP authentication mechanism allows institutions that manage their users with a Kerberos system to reuse the same credentials for network access authentication instead of managing a different set of credentials such as Unix passwords or public key certificates. Moreover, the proposed framework allows users to sign on to the network as a consequence of successful network access authentication, eliminating the additional login procedures otherwise necessary for accessing application services.
