Kerberos caveats
Kerberos server can impersonate anyone
AS is a single point of failure
AS could be a performance bottleneck
- Everyone needs to communicate with it frequently
- Not a practical concern these days
- Having multiple ASes alleviates the problem
If the local workstation is compromised, the user's password could be stolen by a trojan horse
- Only use a desktop machine or laptop that you trust
- Use hardware token pre-authentication
Kerberos is vulnerable to password-guessing attacks
- Choose good passwords!
- Use hardware pre-authentication
- Hardware tokens, smart cards, etc.