
Kerberos Authentication Protocol


1.1  Introduction

The Kerberos protocol is designed to provide reliable authentication over open and insecure networks where communications between the hosts belonging to it may be intercepted. However, Kerberos provides no guarantees if the computers being used are vulnerable: the authentication servers, application servers (imap, pop, smtp, telnet, ftp, ssh, AFS, lpr, ...) and clients must be kept constantly updated so that the authenticity of the requesting users and service providers can be guaranteed.

The above points justify the sentence: "Kerberos is an authentication protocol for trusted hosts on untrusted networks". By way of example, and to reiterate the concept: Kerberos' strategies are useless if someone who obtains privileged access to a server can copy the file containing the secret key. Indeed, the intruder can put this key on another machine, and then needs only a simple DNS or IP address spoof for that machine to appear to clients as the authentic server.
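The risk described above comes down to who can read the file holding a service's secret key. The following is an added example, not part of the original tutorial: a check an administrator could run on an application server. The path `/etc/krb5.keytab` and the root-owned, mode 0600 policy are assumptions based on the MIT Kerberos default, and `audit_keytab` is a hypothetical helper name.

```python
import os
import stat
import tempfile

DEFAULT_KEYTAB = "/etc/krb5.keytab"  # assumption: MIT Kerberos default location


def audit_keytab(path=DEFAULT_KEYTAB, expected_uid=0):
    """Return findings that would let a non-privileged user copy or swap the key file."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return ["missing: %s" % path]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink: keytab path is a symbolic link"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("type: not a regular file")
    if st.st_uid != expected_uid:
        findings.append("owner: uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode: %o grants group/other access" % stat.S_IMODE(st.st_mode))
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    # A world-writable directory without the sticky bit lets anyone replace the file.
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent: directory is world-writable without sticky bit")
    return findings


def demo():
    """Constructed sample: a fake key file in a private temp dir, loose then tightened."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "krb5.keytab")
        with open(path, "wb") as fh:
            fh.write(b"constructed-placeholder-not-a-real-key")
        os.chmod(path, 0o644)
        loose = audit_keytab(path, expected_uid=os.geteuid())
        os.chmod(path, 0o600)
        tight = audit_keytab(path, expected_uid=os.geteuid())
    return loose, tight


if __name__ == "__main__":
    for finding in audit_keytab():
        print(finding)
```

An empty result only means the file is not readable by ordinary local users; it says nothing about an intruder who already holds privileged access, which is the case the paragraph above warns about.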





    Copyright (C) 2005-2010 by Fulvio Ricciardi