34,333
edits
Changes
→Client Service Request
For all its complexity the Kerberos Authentication system is not without a few problems. First and foremost is that fact that the Key Distribution Center acts a single point of failure. If this service is unavailable it will not be possible for users to log into the service.
Secondly, the use of timestamps used by Kerberos requires dictates that all systems in the process have clocks set to the same time (or within 10 minutes of synchronization accuracy).
Finally, the secret keys for all users are stored on a single server which, if compromised, would in turn compromise all user keys.