Kerberos Essay

Kerberos was conceived as a secure network authentication technology at the Massachusetts Institute of Technology (MIT), where it continues to evolve. Using encryption as a seal, Kerberos credentials, or tickets, vouch for authenticated users. Because every node on the network exclusively trusts the Kerberos server, users' credentials are valid throughout the network. This way, they theoretically have to log in only once. In addition, Kerberos can provide support for real-time encryption of network communications. This is like keeping the doors in your city locked, but giving authorized citizens a key to every door. (Salowey)
In the Open Systems Interconnection (OSI) model, Kerberos sits above the Network and Transport layers (above TCP/IP),
However, Kerberos doesn't provide support for access control or auditing functions. This is like giving every citizen in your city a master key. In the Kerberos model, access rights are handled by individual services, not by Kerberos. It is often used to complement other services like Transarc's Andrew File System (AFS) or the Open Software Foundation's Distributed Computing Environment (DCE). These services use Kerberos to verify a user's identity, but handle access control lists (ACLs) on their own. (Stallings)
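An added illustration of the split described above (not code from the essay or from any Kerberos distribution): a toy KDC seals a ticket with a key shared only with the service, and the service first verifies the seal, then consults its own ACL. The key, the principal names, and the use of an HMAC in place of Kerberos's ticket encryption are assumptions made for this sketch; session keys and authenticators are left out.

```python
import hashlib
import hmac
import json
import time

# Constructed long-term key, known only to the KDC and the file service.
SERVICE_KEY = b"constructed-demo-key-for-fileserver"

# The service's own ACL (constructed). The KDC never sees or enforces it.
FILE_ACL = {"alice@EXAMPLE.ORG": {"read", "write"}, "bob@EXAMPLE.ORG": {"read"}}


def kdc_issue_ticket(principal, service_key, lifetime=300, now=None):
    """KDC side: vouch for an already-authenticated principal."""
    now = time.time() if now is None else now
    body = json.dumps({"principal": principal, "expires": now + lifetime}).encode()
    seal = hmac.new(service_key, body, hashlib.sha256).hexdigest()
    return {"body": body, "seal": seal}


def service_authenticate(ticket, service_key, now=None):
    """Service side, step 1: check seal and lifetime; return principal or None."""
    now = time.time() if now is None else now
    expected = hmac.new(service_key, ticket["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["seal"]):
        return None  # altered ticket, or sealed with a different key
    claims = json.loads(ticket["body"])
    if claims["expires"] < now:
        return None  # ticket lifetime has run out
    return claims["principal"]


def service_authorize(ticket, action, service_key, acl, now=None):
    """Service side, step 2: the ACL decision, which the ticket does not carry."""
    principal = service_authenticate(ticket, service_key, now)
    if principal is None:
        return "unauthenticated"
    if action not in acl.get(principal, set()):
        return "denied"  # identity proven, but this service grants no such right
    return "allowed"
```

A principal with a perfectly valid ticket but no ACL entry is still refused, which is the point of the paragraph: the ticket proves who is asking, and each service decides what that identity may do.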
On its own, Kerberos shines in the UNIX environment. Since most of the development is done there, Kerberos distributions contain a generous assortment of Kerberized applications. In fact, Kerberos does ship with some major versions of UNIX, such as SunSoft's Solaris. However, because of the federal government's stringent export restrictions on the Data Encryption Standard (DES) encryption code used by Kerberos, the bundled Kerberos 4 utilities were stripped of their encryption functions. Our first task in installing Kerberos was to disable Solaris' Kerberos support in favor of the real thing.
Microsoft Windows and Apple Macintosh client software, on the other hand, exists, but support is quite spotty. Client support is usually broken into two pieces: ticket management utilities, which
