Network Security Protocol like Kerberos

Thomas Hardjono hardjono at MIT.EDU
Wed Sep 16 15:58:24 EDT 2009


________________________________________
>> From: kerberos-bounces at MIT.EDU [kerberos-bounces at MIT.EDU] On Behalf Of dxv7631 [magicaldev at gmail.com]
>> Sent: Tuesday, September 15, 2009 5:51 PM
>> To: kerberos at mit.edu
>> Subject: Network Security Protocol like Kerberos

>> Hi All,
>> I have a simple question regarding Kerberos. Is there any Network Security
>> Protocol like Kerberos? If yes please give some examples.
>> --

You may need to be specific about the term "network".

If you are looking for a plain IP layer (layer 3) pair-wise authentication
protocol there is IKE (for IPsec) and some password based protocols that can
be used at the IP layer (e.g. CHAP).

If you are looking at layer-2 and "layer 2.5", there is a whole
slew of pair-wise "authentication protocols" that are enveloped
within the EAP protocol (as EAP-methods).
Examples: EAP-TLS, EAP-TTLS, EAP-FAST, etc. etc.
Plus there are the IEEE 802 related MAC-layer security protocols.
There is no reason why one could not run EAP directly above IP.

If you are looking for a "network admission/control protocol" (which
includes the end-point authentication), then you should look
at the NEA (TNC) set of protocols in the IETF NEA WG.
Its vendor/proprietary counterparts are CNAC (Cisco) and NAP (Microsoft).

/thomas/






