AuthAgent Kerberos (617)
AuthAgent Kerberos is a standards-based full-featured implementation of the Kerberos V network authentication mechanism for embedded network clients and services. It is fully interoperable with all standards-based Kerberos authentication servers (Key Distribution Centers or KDCs) including ones from Microsoft, MIT and Heimdal. It is a member of the AuthAgent family of authentication products offered by TeamF1.
AuthAgent Kerberos provides a convenient way to add highly-secure authentication to embedded devices. Features include:
- Support for the latest Kerberos V protocol authentication
- Kerberos-enables both network clients and services
- Allows single-logon convenience
- Provides for integrity and confidentiality of encrypted Kerberos messages
- Generates session key for authentication that may be used by application for session privacy
- Support for PKINIT for initial certificate-based authentication (when used with AuthAgent X.509 by TeamF1)
- Uses timestamps to protect against replays
- IPv6 Support
- Includes ticket caching functionality and memory based credentials cache
- Support for subkey messages for PacketCable™ compliance
- Interoperable with Kerberos KDCs, services and clients on other platforms
- Validated against Microsoft Windows® Active Directory, Windows® Server (including IAS) and Linux® / UNIX® MIT and Heimdal implementations
- Can be used as a stand-alone module or add-on to network security solutions such as SSH and IPSec
- Support for CPU types of either endian-ness on PowerPC, MIPS, X86, ARM/XScale
- RFC 1510
- RFC 3962
- AuthAgent RADIUS: A Remote Authentication Agent
- AuthAgent X.509: Digital Certificate Authentication
- SSHield SSH: Secure Shell & SFTP/SCP
- V-IPSecure IPSec & IKE: Network Layer Security
AuthAgent Kerberos is a standards based full-featured implementation of the Kerberos V authentication mechanism designed exclusively for real-time and embedded operating systems. It includes the core functionality to enable Kerberos authentication in network clients and services. The Kerberos protocol (RFC1510) specifies an authentication and encryption scheme that allows a principal to become "known" by an authenticating server and then to use that authentication to access systems and services on the network. AuthAgent Kerberos allows an organization to leverage its enterprise network Kerberos servers to authenticate services and clients running on embedded devices such as networking and storage equipment, office devices such as printers, connected smart appliances, and remotely managed industrial control applications. With Kerberos becoming a preferred authentication mechanism for several network security protocols and a required part of several industry specifications such as PacketCable(tm), AuthAgent Kerberos provides a convenient way to add highly-secure authentication to embedded devices outside the enterprise as well.
AuthAgent Kerberos may be used in application-level protocols, such as telnet or FTP, to provide "user to embedded device" security or as the implicit authentication system of data streams or RPC mechanisms. It can also be used at a lower level for "embedded device to host security" or between embedded devices, in any standard or proprietary network protocols including IP, UDP, and TCP. It also finds application in larger credential based frameworks such as GSS-API. AuthAgent Kerberos is designed to be used as a standalone authentication mechanism in applications where only access control is important, or as a seamless add-on to other network security solutions offered by teamF1 such as SSHield, SecureShell, and V-IPSecure IPsec/IKE, where its authentication can be used along with network security protocols that protect data in transit.
AuthAgent Kerberos is a drop-in component for many real-time and embedded operating systems (OSes) including VxWorks 5.x, 6.x, and AE/653, as well as Linux 2.4 and 2.6 kernels. It has been extensively validated on a variety of CPU architectures, which minimizes development and integration efforts. AuthAgent Kerberos is uniquely optimized for each embedded OS supported, such as multi-tasking, memory partitions, and abstractions that are lean, yet fast and full-featured. The AuthAgent Kerberos distribution includes Project facility componentization and sample kerberized clients and services (native mode and GSS API based) to use as reference implementations.
If you are interested in more information on how Wind River partners with this company, click here.