Table of Contents
Preface
Organization of This Book
Conventions Used in This Book
Comments and Questions
Thanks ...
Chapter 1. Introduction
Origins
Modern History
The time-sharing model
The client-server model
Project Athena
What Is Kerberos?
Goals
Evolution
Early Kerberos (v1, v2, v3)
Kerberos 4
Kerberos 5
New Directions
Other Products
DCE
Globus Security Infrastructure
SESAME
Chapter 2. Pieces of the Puzzle
The Three As
Authentication
Authorization
Auditing
Directories
Privacy and Integrity
Encryption
Message Integrity
Kerberos Terminology and Concepts. Realms, Principals, and InstancesService and host principals
Kerberos 4 principals
Kerberos 5 principals
Keys, Salts, and Passwords
The Key Distribution Center
The Authentication Server
The Ticket Granting Server
Tickets
The ticket (or credential) cache
Putting the Pieces Together
Chapter 3. Protocols
The Needham-Schroeder Protocol
Kerberos 4
The Authentication Server and the Ticket Granting Server
String-to-Key Transformation
The Key Version Number
Password Changing
Kerberos 5
The World's Shortest ASN. 1 Tutorial
The Authentication Server and the Ticket Granting Server. New Encryption OptionsTicket Options
Kerberos 5-to-4 Ticket Translation
Pre-Authentication
Other Protocol Features and Extensions
String-to-Key Transformation
Password Changing
The Alphabet Soup of Kerberos-Related Protocols
The Generic Security Services API (GSSAPI)
The Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)
Chapter 4. Implementation
The Basic Steps
Planning Your Installation
Choose the Platform and Operating System
Choose a KDC Package
MIT
Heimdal
Windows domain controllers
Before You Begin
KDC Installation
MIT
Building the distribution. Creating your realmStarting the servers
A quick test
Adding slave KDCs
Heimdal
Building the distribution
Creating your realm
Starting the servers
A quick test
Adding slave KDCs
Windows Domain Controller
Creating your realm
DNS and Kerberos
Setting Up KDC Discovery Over DNS
DNS Domain Name-to-Realm Mapping
Client and Application Server Installation
Unix as a Kerberos Client
Mac OS X as a Kerberos Client
Windows as a Kerberos Client
Chapter 5. Troubleshooting
A Quick Decision Tree
Debugging Tools
Errors and Solutions
Errors Obtaining an Initial Ticket. Unsynchronized ClocksIncorrect or Missing Kerberos Configuration
Server Hostname Misconfiguration
Encryption Type Mismatches
Chapter 6. Security
Kerberos Attacks
Other Attacks
Protocol Security Issues
Dictionary and Brute-Force Attacks
Replay Attacks
Man-in-the-Middle Attacks
Security Solutions
Requiring Pre-Authentication
MIT
Heimdal
Windows domain controllers
Enforcing Secure Passwords
Heimdal
MIT
Windows domain controllers
Enforcing Password Lifetimes and History
MIT
Heimdal
Windows domain controllers
Protecting Your KDC
Protecting a Unix KDC.

upload/bibliotik/0_Other/2/2003 Jason Garman-Kerberos.epub

lgli/Z:\Bibliotik_\15\2\2003 Jason Garman-Kerberos.epub

lgrsnf/Z:\Bibliotik_\15\2\2003 Jason Garman-Kerberos.epub

nexusstc/Kerberos: the Definitive Guide/35c52c5017ea89a0b8c13626d9da7096.epub

zlib/no-category/Garman, Jason/Kerberos: the Definitive Guide_5696309.epub

Jason Garman

Pogue Press

1st Edition, Beijing, Farnham, China, 2003

United States, United States of America

O'Reilly Media, Beijing, 2003

1st ed, Sebastopol, CA, ©2003

August 26, 2003

1, 20030826

PT, 2003

lg2625404

{"isbns":["0596004036","1449390773","9780596004033","9781449390778"],"publisher":"O'Reilly Media"}

"Covers Unix and Windows"--Cover.
"Cross-platform authentication & single-sign-on"--Cover.
Includes index.

Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary.Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need.Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations.If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems. -- [Amazon]

Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary. Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need. Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting. In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations. If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.

Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary. Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by pr.;Table of Contents; Preface; Organization of This Book; Conventions Used in This Book; Comments and Questions; Thanks ... ; Chapter 1. Introduction; Origins; Modern History; The time-sharing model; The client-server model; Project Athena; What Is Kerberos?; Goals; Evolution; Early Kerberos (v1, v2, v3); Kerberos 4; Kerberos 5; New Directions; Other Products; DCE; Globus Security Infrastructure; SESAME; Chapter 2. Pieces of the Puzzle; The Three As; Authentication; Authorization; Auditing; Directories; Privacy and Integrity; Encryption; Message Integrity; Kerberos Terminology and Concepts.

Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos: The Definitive Guide shows you how to implement Kerberos on Windows and Unix systems for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.
COMPUTERS / Security / General

2020-07-26