Chapter 10. Kerberos Futures
Kerberos is constantly evolving
to integrate new technologies and thwart new threats. As a result,
the Kerberos working group has developed several extensions to the
base Kerberos 5 protocol to provide the necessary capabilities to
continue using Kerberos in the future. These protocol extensions are
currently available as Internet Drafts from the IETF. The principal
draft is the Kerberos Clarifications, which will replace the current
RFC 1510 as the authoritative document for Kerberos protocol
implementers. While the Kerberos Clarifications is true to its name
and, for the most part, simply provides a more concise and clear
description of the current protocol, it also contains new
recommendations and small protocol changes that result from years of
practical implementation experience and security reviews. Other
related draft documents describe more dramatic protocol extensions
that are optional.
The current home page of the Kerberos Clarifications is the Kerberos
page at the USC Center for Computer Systems Security, located at
Additionally, current Internet Drafts can be downloaded from the IETF
home page at http://www.ietf.org.
The index to the current Internet Drafts issued by the Kerberos
working group is located at http://www.ietf.org/ids.by.wg/krb-wg.html.
Readers interested in a more technical discussion of these proposals
are encouraged to read the Internet Drafts published at the IETF and
USC Kerberos sites.