Synopses & Reviews
Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary.

Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need.

Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.

In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations.

If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.
About the Author
Jason Garman is currently working with computer forensics for the national defense and intelligence communities at Aegis Research Corporation. Previously, he worked at several biotech firms in the Washington, DC area, where he helped clients design and implement secure yet easy-to-use research networks. Jason enjoys working with the practical application of tools and techniques to solve computer and network security problems.
Table of Contents
Dedication
Preface; Organization of This Book; Conventions Used in This Book; Comments and Questions; Thanks...
Chapter 1: Introduction; 1.1 Origins; 1.2 What Is Kerberos?; 1.3 Goals; 1.4 Evolution; 1.5 Other Products
Chapter 2: Pieces of the Puzzle; 2.1 The Three As; 2.2 Directories; 2.3 Privacy and Integrity; 2.4 Kerberos Terminology and Concepts; 2.5 Putting the Pieces Together
Chapter 3: Protocols; 3.1 The Needham-Schroeder Protocol; 3.2 Kerberos 4; 3.3 Kerberos 5; 3.4 The Alphabet Soup of Kerberos-Related Protocols
Chapter 4: Implementation; 4.1 The Basic Steps; 4.2 Planning Your Installation; 4.3 Before You Begin; 4.4 KDC Installation; 4.5 DNS and Kerberos; 4.6 Client and Application Server Installation
Chapter 5: Troubleshooting; 5.1 A Quick Decision Tree; 5.2 Debugging Tools; 5.3 Errors and Solutions
Chapter 6: Security; 6.1 Kerberos Attacks; 6.2 Protocol Security Issues; 6.3 Security Solutions; 6.4 Protecting Your KDC; 6.5 Firewalls, NAT, and Kerberos; 6.6 Auditing
Chapter 7: Applications; 7.1 What Does Kerberos Support Mean?; 7.2 Services and Keytabs; 7.3 Transparent Kerberos Login with PAM; 7.4 Mac OS X and the Login Window; 7.5 Kerberos and Web-Based Applications; 7.6 The Simple Authentication and Security Layer (SASL); 7.7 Kerberos-Enabled Server Packages; 7.8 Kerberos-Enabled Client Packages; 7.9 More Kerberos-Enabled Packages
Chapter 8: Advanced Topics; 8.1 Cross-Realm Authentication; 8.2 Using Kerberos 4 Services with Kerberos 5; 8.3 Windows Issues; 8.4 Windows and Unix Interoperability
Chapter 9: Case Study; 9.1 The Organization; 9.2 Planning; 9.3 Implementation
Chapter 10: Kerberos Futures; 10.1 Public Key Extensions; 10.2 Smart Cards; 10.3 Better Encryption; 10.4 Kerberos Referrals; 10.5 Web Services
Administration Reference; MIT; Configuration File Format
Colophon