Check out the new USENIX Web site. next up previous
Next: S/Key Up: Kerberos Previous: Kerberos

Practical Uses

The simplest use of Kerberos is to authenticate users locally on a workstation. The login, xdm, and su programs in OpenBSD have the necessary code to allow Kerberos authentication. The next step is to provide authentication for network protocols. The rlogin, rsh, and telnet programs have been modified to use Kerberos. In addition to that, they can use the session key, obtained in the authentication phase, to encrypt the data-stream for privacy. Another very practical use is in ``kx'' - a protocol to authenticate and forward X11 connections in a secure way. Other programs using Kerberos for authentication include cvs, sudo, and xlock. Kerberos authentication is also used in AFS.

One of our future goals is to allow kerberized applications to use IPsec services when possible, thus avoiding double-encryption (and consequently degraded performance). Furthermore, we intend to integrate the Kerberos 5 clone being developed at KTH as soon as it is stable, especially since Kerberos IV only supports DES [26] encryption.



& D. Keromytis
4/26/1999