A distributed expansible authentication model based on Kerberos |
| |
| Authors: | Hongjun Liu Ping Luo Daoshun Wang |
| |
| Affiliation: | aTsinghua National Laboratory for Information Science and Technology (TNlist), Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China;bMulti-Media Department, Sino-I Technology Limited, Beijing 100176, China |
| |
| Abstract: | There is a potential server bottleneck problem when the Kerberos model is applied in large-scale networks because the model uses centralized management. To enlarge its application scope, researchers must consider how to build a trust relation among those Kerberos servers located on different isolated domains, but have not provided a way to prevent the potential bottleneck that can occur with Kerberos servers. With the development of across-domain authentication techniques, the local server bottleneck problem has not been alleviated; in fact, it has become more serious.Adopting the rigorous binary tree code algorithm, we present an authentication model based on Kerberos. Compared with similar models, our model has several advantages. First, it overcomes the potential server bottleneck problem and can balance the load automatically. Second, it can process across-domain authentication and enlarge the authentication boundary. Finally, its authentication path is short, with no more than two Kerberos servers being involved when authenticating a user. |
| |
| Keywords: | Identity authentication Expansibility Kerberos Rigorous binary tree code algorithm Server bottleneck |
| 本文献已被 ScienceDirect 等数据库收录! |
|
