Kerberos Site Model

Kerberos system model

The basic, central, essential model of the Kerberos system puts the initial password authentication on the user's workstation, on a per session basis. I'm going to use the term kinit for this, the the MIT Kerberos UNIX client that takes your password and gets a tgt.

This is essential to the only security improvement that Kerberos actually provides, which is that the password is no longer sent out on the network. Without this improvement, Kerberos is a step backwards in overall security, with its credential cache files and lack of any useful limit to session duration. Unfortunately, in practice there are many circumstances where a less satisfactory model is the best we can do.

X terminals. Our NCD X terminals will never support Kerberos 5. We should 1) put kinit in xdm on subnet-local hosts (like melville), and 2) move to UNIX PC for X support, including the labs (this is practical and has other benefits.)
Personal computers that can't run Kerberos at all. Some platforms just will never have Kerberos ported to them, or more often the configuration doesn't have the resources required. We need to keep track of basic requirements - OS and TCP version levels, disk and memory resources.
Missing clients and services. In some cases this means no client at all is available for the indicated environment, and in other cases it's just not the user's favorite client. We need to keep track of Kerberos 5 compatible software.

There are also some grey areas where it's not clear just how to make the model work. One that comes to mind:

PPP. Hypothetically: My NetBSD Kerberos workstation uses a PPP network connection. The campus terminal server on the other end of that connection is part of my Kerberos cell. It authenticates my identity before establishing the connection, acquires a tgt and hands it over to me. How? Is there something in PAP that can be used for that?
Other realms. We can expect to run into other entities doing Kerberos out there. That's great, because our client infrastructure will be OK, as long as it's not too hard to work with a couple of realms at once.