Summary

The Kerberos System has been around for almost 20 years now, and many systems that have been developed in UNIX have used it for more than a decade for authentication. In Windows 2000, support Dynamic Link Libraries for Kerberos are part of the operating system distribution. It has predated, survived, and has been modeled over many other authentication systems. Examining JAAS services cannot be done without some knowledge of Kerberos. It is an integral part of the common implementation of JAAS, its history, and what JAAS is trying to achieve. JAAS is easy to set up and use. It hides much of the complexity of what is needed to achieve a secure system.

Knowing how the underlying layers of JAAS and any security works is a must for understanding the level of security that an organization needs, as well as the weaknesses and strengths of the system. If a security leader for an organization assumes that he can just set up JAAS and it will protect everything, the assumptions are incorrect. JAAS provides a simple means to work with Kerberos and get it working in a timely manner. However, to fully understand the benefits and weaknesses of Kerberos, an examination of the protocol must take place. Attackers spend countless hours studying the weaknesses of protocols, and we recommend the same for anyone who wants to ensure that his organization is secure.