Problem statement A standard solution to use Kerberos for Client authentication and key establishment is highly desirable Client can be remote (not on KDC network) Proper protection of sensitive authentication and key exchange data Minimum overhead Transparent and generic to accommodate multiple authentication modes and protocols |