From K5Wiki
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.

Use Case

Client requests an anonymous ticket. The client is known to KDC, but he wants to stay anonymous with the application server. KDC calculates the client's "reputation" score and issues the ticket that contains this score (together with all other useful information). The factors that can contribute to the score are, for example, the client's history, various behavioral/network patterns, privileges etc. Based on this knowledge the receiver of the anonymous ticket may decide on the timing or content of the service, etc.

The other use cases are feasible.


Create a pluggable Client Reputation infrastructure that would allow to associate a "trustworthy" score with a client.

Score and weights

The contributing factors into the score calculation and their weights should be configurable and may consist of:

  1. . When the user account was created;
  2. . How active is the user;
  3. . user's privileges;
  4. . DNS/network topology history;