Extensible Pre-Authentication in Kerberos (EPAK)

Last updated: November 20th, 2007

EPAK is implemented as a patch to Heimdal Kerberos 0.8.1. It is a Kerberos extension, like PKINIT, but not for a specific type of authentication. Instead it provides a framework for various authentication schemes to be incorporated into Kerberos.

ACSAC paper

Thesis paper (or here)

EPAK source code
* The EPAK patch is licensed under the 3-clause BSD license.