All contents copyrighted © 2007 Jonathan Chen
|
Kerberos a great network authentication protocol, but unfortunately it does not have adequate support for challenge-response
type authentication. There are several reasons why we want to extend Kerberos to support generic challenge-response
authentication:
- Single password database - eliminates the need for complicated password-change procedures and simplifies securing the
single password database.
- Support for legacy programs - Many legacy or closed-source program does not have support for Kerberos, but implements some
type of challenge-response protocol.
- Compatibility with existing Kerberos clients - there is no need to migrate to a new password database, only the Kerberos
server and the application server needs to be upgraded to take advantage of challenge-response.
The KCRAP protocol was invented as a simple means of allowing challenge-response authentications to work with the Kerberos
password database. An additional daemon (kcrapd) is required on the kerberos server, and application servers can link against
the KCRAP library to authenticate users.
Installation instructions can be found in the README file.
Downloads:
NOTE: Although the programs and patches above have been written with security and quality in mind, they should be
considered alpha quality.
Questions, comments, patches, and bug reports can be emailed to me (kcrap+web@spock.org).
Copyright © 2007-2008 Jonathan Chen, All Rights Reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following
disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
This software is provided by the author "as is" and any express or
implied warranties, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose are disclaimed.
In no event shall the author be liable for any direct, indirect,
incidental, special, exemplary, or consequential damages (including, but
not limited to, procurement of substitute goods or services; loss of use,
data, or profits; or business interruption) however caused and on any
theory of liability, whether in contract, strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of
this software, even if advised of the possibility of such damage.
| |