Design And Implementation Of PKI-Based Kerberos Unified Authentication And Authorization System

Computer network is used to share resources, so there are a variety of resources in computer network. It is a very important issue that how to manage these resources safely and effectively to ensure that legitimate users can quickly and easily access resources while preventing unauthorized users from access. One way to manage resources safely is performing authentication before access and performing authorization after authentication. Usually A network owns a variety of authentication and authorization systems, and these systems are often not the same, which makes these systems very inconvenient to manage and use. To solve these problems, this paper studies and implements an authentication and authorization system, which is based on public key and Kerberos protocol model to enforce authentication and authorization uniformly. Kerberos is an authentication protocol which is based on trusted third parties. Because Kerberos-based system is easy to implement, it has been widely used in many places, but it also has some security flaws. In this paper, based on public key infrastructure, symmetric cryptography based Kerberos protocol is modified to enhance the security of the authentication process, and uniform authorization is also added.Firstly, this paper analyzes the authentication process and the security flaws of the traditional Kerberos protocol, and modified the authentication process of Kerberos protocol base on public key infrastructure, so as to overcome the shortcomings of traditional Kerberos protocol and strengthen the security of the authentication process. Taking into account the security improvement it’s achieved, it is worthy when stronger security is required though the adoption of public key infrastructure will slow the encryption and decryption process.Secondly, this paper analyzes the role-based access control model combined with the Kerberos authentication process, and proposes a unified authorization method which can provide authentication and authorization for an intranet uniformly.Finally, based on the research above, this paper designs and implements a PKI-based Kerberos authentication and authorization system. It then describes the composition of this system and each module in detail.