
Consider the diagram in https://en.wikipedia.org/wiki/Kerberos_(protocol)#/media/File:Kerberos_protocol.svg depicting the Kerberos protocol. I'm wondering how the authentication server (AS) is useful. Couldn't we drop the messages A, B, C, D and simply use the client key K_c (green) instead of K_C-TGS (red) to encrypt message F? I.e., the client would directly request the service from the TGS, and authentication and authorization are handled directly in one message instead of 3.

1 Answer


Theoretically, the AS and the TGS can be set up together (even on the same physical machine), and I think that in small systems you may spare some messages. This can also be seen in the image along the dashed line. Also see the Needham–Schroeder protocol [1] that uses a two-way handshake with the AS (Kerberos is based on this protocol and improves it).

However, the TGS meets the essential requirements that Kerberos provides:

  • Scalability - The system must support a large number of servers and clients. Having only one server is a bottleneck.
  • Separation of duties - The AS shares a key with the clients (which is usually derived from the client's password); the TGS holds a key with the servers. The AS verifies the identity of the client and the TGS "links" it with the server.
  • Hierarchical structure - Typical organizations have a hierarchical structure. Kerberos allows you to have a single AS and multiple TGSs, which fits a typical organizational structure.

[1] https://en.wikipedia.org/wiki/Needham%E2%80%93Schroeder_protocol
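The separation of duties in the answer, as an added simulation that is not part of the original post or of any Kerberos implementation: the AS holds only password-derived client keys, the TGS holds only its own key and the service keys, and the client's long-term key is used exactly once, to open message A. The cipher, principal names, password and key databases are constructed stand-ins; real Kerberos uses AES-based enctypes and ASN.1 messages.

```python
import hashlib, hmac, json, os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy cipher, not a Kerberos enctype)."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, msg: dict) -> dict:
    """Toy authenticated encryption (encrypt-then-MAC) of one Kerberos message part."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(msg, sort_keys=True).encode())
    return {"nonce": nonce.hex(), "ct": ct.hex(),
            "tag": hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()}

def unseal(key: bytes, box: dict) -> dict:
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    if not hmac.compare_digest(box["tag"], hmac.new(key, nonce + ct, hashlib.sha256).hexdigest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket/authenticator")
    return json.loads(_xor_stream(key, nonce, ct))

def string_to_key(password: str, principal: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)
# Constructed long-term keys. Separation of duties: only the AS holds the password-derived
# client keys; the TGS holds its own key K_TGS and the service keys, never a client key.
AS_DB = {"alice": string_to_key("hunter2", "alice@EXAMPLE")}
K_TGS = os.urandom(32)
TGS_DB = {"http/www": os.urandom(32)}

def as_exchange(client: str) -> tuple:
    """Messages A and B: client/TGS session key under K_c, and the TGT under K_TGS."""
    sk = os.urandom(32).hex()
    return seal(AS_DB[client], {"sk": sk}), seal(K_TGS, {"client": client, "sk": sk})

def tgs_exchange(tgt: dict, authenticator: dict, service: str) -> tuple:
    """Messages C-F: open the TGT with K_TGS, check the authenticator, issue a service ticket."""
    tkt = unseal(K_TGS, tgt)
    if unseal(bytes.fromhex(tkt["sk"]), authenticator)["client"] != tkt["client"]:
        raise ValueError("authenticator does not match the TGT")
    sk = os.urandom(32).hex()
    return (seal(bytes.fromhex(tkt["sk"]), {"sk": sk}),
            seal(TGS_DB[service], {"client": tkt["client"], "sk": sk}))

def client_login(password: str, client: str, service: str) -> str:
    """Whole exchange from the client's side; returns the name the service sees in its ticket."""
    k_c = string_to_key(password, client + "@EXAMPLE")
    a, tgt = as_exchange(client)
    k_c_tgs = bytes.fromhex(unseal(k_c, a)["sk"])   # only use of K_c; a wrong password fails here
    f, st = tgs_exchange(tgt, seal(k_c_tgs, {"client": client}), service)
    k_c_s = bytes.fromhex(unseal(k_c_tgs, f)["sk"])
    tkt = unseal(TGS_DB[service], st)               # message G: the service opens its ticket with K_s
    if unseal(bytes.fromhex(tkt["sk"]), seal(k_c_s, {"client": client}))["client"] != tkt["client"]:
        raise ValueError("authenticator does not match the service ticket")
    return tkt["client"]
```

A wrong password surfaces as an integrity failure on message A and never reaches the TGS or the service, which is the check the question's shortened flow would have to move into the TGS together with every client key.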
