[31477] in Kerberos
RE: Network Security Protocol like Kerberos
daemon@ATHENA.MIT.EDU (Thomas Hardjono)
Wed Sep 16 15:59:03 2009
From: Thomas Hardjono <hardjono@mit.edu>
To: dxv7631 <magicaldev@gmail.com>, "kerberos@mit.edu" <kerberos@mit.edu>
Date: Wed, 16 Sep 2009 15:58:24 -0400
Message-ID: <84CCEFE8EA8A94499391B96064A1B24D12C28AEDC6@w92expo4.exchange.mit.edu>
In-Reply-To: <25462467.post@talk.nabble.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
________________________________________
>> From: kerberos-bounces@MIT.EDU [kerberos-bounces@MIT.EDU] On Behalf Of dxv7631 [magicaldev@gmail.com]
>> Sent: Tuesday, September 15, 2009 5:51 PM
>> To: kerberos@mit.edu
>> Subject: Network Security Protocol like Kerberos
>> Hi All,
>> I have a simple question regarding Kerberos. Is there any Network Security
>> Protocol like Kerberos? If yes please give some examples.
>> --
You may need to be specific about the term "network".
If you are looking for a plain IP layer (layer 3) pair-wise authentication
protocol there is IKE (for IPsec) and some password based protocols that can
be used at the IP layer (e.g. CHAP).
If you are looking at layer-2 and "layer 2.5", there is a whole
slew of pair-wise "authentication protocols" that are enveloped
within the EAP protocol (as EAP-methods).
Examples: EAP-TLS, EAP-TTLS, EAP-FAST, etc. etc.
Plus there is the IEEE802 related MAC-layer security protocols.
There is no reason why one could not run EAP directly above IP.
If you are looking for a "network admission/control protocol" (which
includes the end-point authentication), then you should look
at the NAE (TNC) set of protocols in the IETF NEA WG.
Its vendor/proprietary counterpart is CNAC (Cisco) and NAP (Microsoft).
/thomas/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
