Adapting Kerberos for a browser-based environment

Benjamin, David (David A.)

Author(s)

Benjamin, David (David A.)

DownloadFull printable version (1.152Mb)

Other Contributors

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.

Advisor

Nickolai Zeldovich.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

This thesis presents Webathena, a browser-centric implementation of the Kerberos network authentication protocol. It consists of a JavaScript Kerberos client, paired with a simple, untrusted, server-side proxy to wrap the protocol in HTTP. This is used to implement a trusted credential manager with a cross-origin protocol to delegate credentials to untrusted Web applications. To evaluate Webathena, we present Roost, a Web-based client for the Zephyr messaging and notification in use at MIT, along with a host of proof-of-concept applications. We find that it is possible to build Web-based clients for Kerberized services similar to or better than existing native ones with no modifications to either the Kerberos KDCs or the services themselves. Finally, we discuss possible modifications to Kerberos to better support this kind of credential delegation.

Description

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.

Cataloged from PDF version of thesis.

Includes bibliographical references (pages 63-65).

Date issued

2013

URI

http://hdl.handle.net/1721.1/85405

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Graduate Theses