Extensible Pre-Authentication in Kerberos (EPAK)

Kerberos is a well-established authentication system. As new authentication methods arise, incorporating them into Kerberos is desirable. However, extending Kerberos is difficult because source code is unavailable for some implementations and the standardization process is lengthy.

Extensible Pre-Authentication in Kerberos (EPAK) is a Kerberos extension that enables many authentication methods to be loosely coupled with Kerberos, without further modification to Kerberos. To demonstrate the utility of the framework, two authentication methods for open systems are presented, both implemented as Kerberos extensions using EPAK. These extensions illustrate the flexibility EPAK brings to Kerberos while maintaining backwards compatibility.

P. L. Hellewell, T. W. van der Horst, and K. E. Seamons. Extensible Pre-Authentication in Kerberos. 23rd Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.

Master's Thesis: Extensible Pre-Authentication in Kerberos (EPAK). August 2007.

Download the software here.