Kerberos Installation

     Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by systems crackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable.

     Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Kerberos was created by MIT as a solution to these network security problems. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

     Kerberos is used in Microsoft Windows 2000 Active Directory as a cross-domain authentication protocol. Microsoft's usage of Kerberos deviates from the standards defined by the RFCs and MIT.

     The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades. "Cerberus" is the Latin spelling of the Greek "Kerberos", and according to the OED is pronounced like "serberus", but that is quite at odds with the Greek, as the initial consonant is a "k". MIT Project Athena chose to use the Greek spelling and pronunciation.

     Kerberos is a private-key, trusted-third-party authentication system, whereas SSL is a public-key, certificate-based authentication system.

Kerberos Links