The goals of the Distributed Authentication System (DAS) need to be formally stated. It is very easy for project requirements to expand and change so that the objectives are never met. It is important to define a limited set of achievable objectives.

Goals

Here is a concise list of the basic goals of DAS:

More Goals

A user defined in DAS should be able to log in to his or her computer from the console, GUI console, or via SSH using an encrypted, centrally stored and managed username and password. Any PAM-enabled application, or any application or protocol that runs over SSH, can use the same username and password for authentication.

The DAS should enable Single Sign On (SSO), specifically the ability to use Kerberos 5 client-server applications. The DAS should support SSO applications via traditional Kerberos client-server programs and ticket management, as well as GSS-API enabled applications such as Kerberos-aware web browsers and web servers.

Specific Functions/Details

Network-wide:

Client Functions:

Server Functions:

DAS servers would provide the following services and features:

Application Support:

DAS systems should be capable of supporting authentication for the following client-server protocols:

DAS systems should also be capable of supporting the following Kerberized SSO applications and protocols:

Note: Kerberized telnet, rlogin, ftp, rsh, and rcp all support optional data encryption. Authentication is secure whether or not data encryption is enabled.