  • Published : September 14, 2008
Kerberos was conceived as a secure network authentication technology at Massachusetts Institute of Technology (MIT), where it continues to evolve. Using encryption as a seal, Kerberos credentials, or tickets, vouch for authenticated users. Because every node on the network exclusively trusts the Kerberos server, users' credentials are valid throughout the network. This way, they theoretically have to log in only once. In addition, Kerberos can provide support for real-time encryption of network communications. This is like keeping the doors in your city locked, but giving authorized citizens a key to every door. (Salowey)

In the Open Systems Interconnect (OSI) model, Kerberos sits above the Network and Transport layers (above TCP/IP), meaning that it's not as simple as adding a Kerberos module to your existing desktop operating system. Using Kerberos means replacing existing network applications with "Kerberized" applications that have been rewritten to take advantage of its services, such as automatic authentication and encrypted communications.

The question is, what is Kerberos and what can it do for my network? We implemented both Kerberos version 4 and beta releases of MIT's new version 5 at our Syracuse University lab to get a better feel for this technology and to determine whether the protocol truly can solve network security problems. Examples cited in this workshop are in Kerberos 4 format, which is the version in use on most networks.

Kerberos is an attractive technology, but it's not a network security solution. We were disappointed to learn that Kerberos wasn't going to solve our problems of networkwide user management. Kerberos doesn't replace even aged technology such as Sun Microsystems' Network Information Service (NIS), since it doesn't supply the necessary account information found in Unix's /etc/passwd file or the ability to manage user rights or control access to network resources. Basically, Kerberos lacks the directory services that make...