Kerberos for Wireless Authentication
Saber Zrelli
zrelli at jaist.ac.jp
Fri Jun 3 14:10:12 EDT 2005
Hi ,
* On 12:13, Thu 02 Jun 05, Sam Hartman wrote:
> >>>>> "Saber" == Saber Zrelli <zrelli at jaist.ac.jp> writes:
>
> Saber> There is however a draft called "IAKERB" that provides
> Saber> pass-through authentication using kerberos
> Saber> (http://watersprings.org/pub/id/draft-ietf-cat-iakerb-08.txt),
> Saber> that can do the trick.
> Note that this draft has been rejected by this working group and is no
> longer an ongoing effort. Some party could choose to fix the problems
> in that draft and attempt to bring it back, but last time this came up
> no one offered to do that work.
I think that the problem tagetted by IAKERB are a big obstacle that
limit the scenarions where Kerberos can be used.
Specially, concerning wireless access networks, Kerberos can be very
convenient due to the fact that tickets have life-times, which means
that clients do not need to ride the full authentication path each
time they perform a hand-over. Current methods based on EAP, are
defining context transfer protocols to attack the problem related to
the latency of handovers ( CTP for PANA in PANA wg ). Kerberos IMHO,
can offer fast handover in wireless access networks, but it requires
some complementary protocols such as IAKERB.
I really think that working on this axis should be amongst the
milestones of kerberos wg.
Regards.
--
Saber ZRELLI <zrelli at jaist.ac.jp>
Japan Advanced Institute of Science and Technology
Center of Information Science
Shinoda Laboratory
url : http://www.jaist.ac.jp/~zrelli
gpg-id : 0x7119EA78
More information about the Kerberos
mailing list