1.4 Evolution

The modern Kerberos protocol has gone through several major revisions since it was first conceived as part of Project Athena. During each revision, major improvements have been made in usability, extensibility, and security.

1.4.1 Early Kerberos (v1, v2, v3)

The early versions of Kerberos (pre-Version 4) were created and used internally at MIT for testing purposes. These implementations contained significant limitations and were only useful to examine new ideas and observe the practical issues that arose during development and testing.

1.4.2 Kerberos 4

The first version of Kerberos distributed outside of MIT was Kerberos 4. First released to the public on January 24, 1989, Kerberos 4 was adopted by several vendors, who included it in their operating systems. In addition, other, large distributed software projects such as the Andrew File System adopted the concepts behind Kerberos 4 for their own authentication mechanisms.

The basics of what was to become the Kerberos 4 protocol are documented in the Athena Technical Plan. Ultimately, the details of the protocol were documented through the source code in the reference implementation published by MIT.

However, due to export control restrictions on encryption software imposed by the U.S. government, Kerberos 4 could not be exported outside of the United States. Since Kerberos 4 uses DES encryption, organizations outside of the U.S. could not legally download the Kerberos 4 software as-is from MIT. In response, the MIT development team stripped all of the encryption code from Kerberos 4 to create a specialized, exportable version. Errol Young, at Bond University of Australia, took this stripped version of Kerberos 4 and added his own implementation of DES to create "eBones." Since eBones contained encryption software developed outside of the United States, it was unencumbered by the U.S. encryption export controls, and could be legally used anywhere in the world.

Today, several implementations of Kerberos 4 still exist. The original MIT Kerberos 4 implementation is now in a maintenance mode and officially considered "dead." The kth-krb distribution, developed in Sweden, is still actively developed but it is highly recommended that new installations use the superior Kerberos 5 instead. In this book, coverage of Kerberos 4 is restricted to a discussion of the protocol in Chapter 3. Most of the book covers the next version of Kerberos, Kerberos 5.

1.4.3 Kerberos 5

Kerberos 5 was developed to add features and security enhancements that were not present in Version 4 of the protocol. Kerberos 5 is the latest version of the Kerberos protocol and is documented in RFC 1510.

To correct the deficiencies in the Kerberos 4 protocol, several new features were added. They include:

• A better wire protocol, based on ASN.1

• Credential forwarding and delegation

• Replay cache

• More flexible cross-realm authentication

• Extensible encryption types

• Pre-authentication

(Don't worry, we'll discuss these features in more detail later on, in Chapter 3, Chapter 6, and Chapter 8.)

In addition to the reference implementation by MIT, many other implementations of Kerberos 5 have been developed, some commercial and some open source. The implementations covered in this book include MIT, Heimdal, Microsoft (Windows 2000 and above), and Apple (Mac OS X and above).

Unfortunately, while the rules surrounding encryption export out of the United States have been relaxed on open source software as of January 2000, the MIT distribution is still available to U.S. residents only. Because of the overly cautious actions of the MIT lawyers, a group in Sweden is developing and distributing the Heimdal Kerberos 5 distribution, which is unencumbered by any export control laws.

1.4.4 New Directions

The Kerberos protocol is constantly changing and evolving to incorporate the latest technologies and lessons learned from practical implementation experience, as well as to face new challenges presented by adversaries with ever-increasing computing power available at little cost. Currently, a new set of specifications are being developed by a set of developers who are part of the Internet Engineering Task Force's (IETF) Kerberos working group. As of this writing, the Kerberos working group is in the final stages of writing a document named the Kerberos Clarifications, which will supercede RFC 1510 and become the new Kerberos 5 standard document. The Kerberos Clarifications also includes several new features that will extend the Kerberos protocol, providing for future growth and interoperability with current Kerberos 5 implementations.

In addition to the Kerberos Clarifications, the Kerberos working group is also working on several additional extensions to the Kerberos protocol, published as separate Internet draft documents. Some of these extensions have already been implemented based on earlier versions of the draft, such as the Public Key extensions that Microsoft includes with Windows 2000, XP, and 2003. We will discuss these future directions of Kerberos and some of the new extensions that are being proposed as Internet standards in Chapter 10.

These additional features and refinements to the Kerberos protocol ensure its continued success as the most widely implemented single-sign-on authentication protocol. In addition, through the adoption of Kerberos in the latest versions of Microsoft Windows, Kerberos is now enjoying more widespread popularity in small- and medium-sized networks.