Kerberos

1267 Words6 Pages
Kerberos was conceived as a secure network authentication technology at Massachusetts Institute of Technology (MIT), where it continues to evolve. Using encryption as a seal, Kerberos credentials, or tickets, vouch for authenticated users. Because every node on the network exclusively trusts the Kerberos server, users' credentials are valid throughout the network. This way, they theoretically have to log in only once. In addition, Kerberos can provide support for real-time encryption of network communications. This is like keeping the doors in your city locked, but giving authorized citizens a key to every door. (Salowey)

In the Open Systems Interconnect (OSI) model, Kerberos sits above the Network and Transport layers (above TCP/IP), meaning that it's not as simple as adding a Kerberos module to your existing desktop operating system. Using Kerberos means replacing existing network applications with "Kerberized" applications that have been rewritten to take advantage of its services, such as automatic authentication and encrypted communications.

The question is, what is Kerberos and what can it do for my network? We implemented both Kerberos version 4 and beta releases of MIT's new version 5 at our Syracuse University lab to get a better feel for this technology and to determine whether the protocol truly can solve network security problems. Examples cited in this workshop are in Kerberos 4 format, which is the version in use on most networks.

Kerberos is an attractive technology, but it's not a network security solution. We were disappointed to learn that Kerberos wasn't going to solve our problems of networkwide user management. Kerberos doesn't replace even aged technology such as Sun Microsystems' Network Information Ser...

... middle of paper ...

...e with other realms throughout the Internet. Credential-forwarding will pass TGT to remote hosts when using a Kerberized network login instead of requiring the user to run kinit on the host.

Works Cited

Salowey, Joseph. Kerberos: A secure passport.

http://www.csee.wvu.edu/~cukic/Security/NotesKerberos.pdf#search='Salowey%2C%20Joseph.20%20Kerberos%3A%20A%20secure%20passport.'

Anthes, Gary. Kerberos code crack raises broader issues.

http://static.highbeam.com/c/computerworld/february261996/kerberoscodecrackraisesbroaderissues/

Stallings, William. Kerberos keeps the enterprise secure.

Rubin, Aviel. Kerberos Versus the Leighton-Micali Protocol.

http://www.ddj.com/documents/s=879/ddj0011a/0011a.htm

Chappell, David. Microsoft and the Kerberos Standard.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/evaluate/featfunc/msjkerb.mspx

More about Kerberos

Open Document