A distributed expansible authentication model based on Kerberos

There is a potential server bottleneck problem when the Kerberos model is applied in large-scale networks because the model uses centralized management. To enlarge its application scope, researchers must consider how to build a trust relation among those Kerberos servers located on different isolated domains, but have not provided a way to prevent the potential bottleneck that can occur with Kerberos servers. With the development of across-domain authentication techniques, the local server bottleneck problem has not been alleviated; in fact, it has become more serious. Adopting the rigorous binary tree code algorithm, we present an authentication model based on Kerberos. Compared with similar models, our model has several advantages. First, it overcomes the potential server bottleneck problem and can balance the load automatically. Second, it can process across-domain authentication and enlarge the authentication boundary. Finally, its authentication path is short, with no more than two Kerberos servers being involved when authenticating a user. (C) 2008 Elsevier Ltd. All rights reserved.