The Protocol Used to Verify the Authentication




There are three types of access, or login, that can be discussed in a network. The first is the local login, where the user authenticates himself to the local system (called the client here), usually by supplying a password (although interest in using smartcards/tokens is growing). The second is the remote login, where a user on a local system logs in to a remote system. For example, a user might use a telnet service to log in to a remote system. The third type of access that requires authentication is a client/server request. An example is when a user mounts a remote file system on his local machine and makes requests to access those files. The protocols used for each of these accesses will be examined for both Kerberos and Secure RPC.

Woo [WL92] defines a protocol as a "precisely defined sequence of communication and computation steps. A communication step transfers messages from one principal (sender) to another principal (receiver), while a computation step updates a principal's internal state. Two distinct states can be identified upon protocol termination, one signifying successful authentication and the other failure". The following format is used to describe the protocols for each system. A communication step "U → H : username" means that a user (U) sends to a host (H) a password. A computation step "H: compute oneway(password)" means that a host computes a one-way function of a password.
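The step notation above can be made concrete with a short added example (not from the original document): a constructed local-login protocol in which every communication and computation step is recorded in that notation and the run ends in one of the two terminal states. The names `Principal`, `Run` and `local_login`, the password-file layout, and the use of PBKDF2 as the one-way function are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

SUCCESS, FAILURE = "success", "failure"   # the two terminal states

def oneway(password: str, salt: bytes) -> bytes:
    """Assumed one-way function: PBKDF2-HMAC-SHA256 (the page names none)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Principal:
    name: str
    state: dict = field(default_factory=dict)

class Run:
    """Records each step in the page's notation while executing it."""
    def __init__(self):
        self.trace = []

    def send(self, sender, receiver, label):
        # Communication step: transfers a message, sender -> receiver.
        self.trace.append(f"{sender.name} -> {receiver.name} : {label}")
        receiver.state[label] = sender.state[label]

    def compute(self, principal, label, fn):
        # Computation step: updates only this principal's internal state.
        self.trace.append(f"{principal.name}: compute {label}")
        principal.state[label] = fn(principal.state)

def local_login(username, password, password_file):
    """Run a constructed local-login protocol; return (terminal state, trace)."""
    user = Principal("U", {"username": username, "password": password})
    host = Principal("H", {"password_file": password_file})
    run = Run()
    run.send(user, host, "username")
    run.send(user, host, "password")
    # Unknown users get a dummy record so the same steps run either way.
    salt, stored = password_file.get(username, (b"\x00" * 16, b""))
    run.compute(host, "oneway(password)", lambda s: oneway(s["password"], salt))
    run.compute(host, "match",
                lambda s: hmac.compare_digest(s["oneway(password)"], stored))
    return (SUCCESS if host.state["match"] else FAILURE), run.trace

# Constructed sample password file: username -> (salt, oneway(password)).
SALT = bytes(range(16))
PASSWORD_FILE = {"alice": (SALT, oneway("correct horse", SALT))}

if __name__ == "__main__":
    state, trace = local_login("alice", "correct horse", PASSWORD_FILE)
    print("\n".join(trace), "->", state)
```

The host stores only the salt and the one-way value, never the password itself, and an unknown username produces the same step sequence as a wrong password.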



John Barkley
Fri Oct 7 16:17:21 EDT 1994