Introduction to Kerberos

  

In 1983, the Massachusetts Institute of Technology (MIT), Digital Equipment Corporation (DEC), and IBM teamed up to create Project Athena. The purpose of the project was to prevent unwanted users from accessing the services on workstations while making those services available to trusted users. Two of the projects that came out of this cooperation were the Kerberos Authentication System and the X Window System. The name Kerberos is taken from the three-headed dog of Greek mythology that guards Hades. Just as the dog guards Hades, the Kerberos System guards the organization's services against attackers. The three heads of the dog represent authentication, authorization, and accounting. The requirements of Kerberos were that it must be:

  • Secure: To block a network eavesdropper from impersonating a user.

  • Reliable: To make Kerberos always available, so that the target service is always available.

  • Transparent: To provide a method so that the user will not be aware of the Kerberos System except for entering a password.

  • Scalable: To be able to support a large number of users and target services.

In 1987, version 4 (v4) was released as freely distributable across the world. Some of the encryption is too strong to be distributed outside of the United States, so a version without the encryption is also available; it is known as Bones, for the bare bones of the distribution. Version 5 (v5) was released to make up for the deficiencies in v4.

Tip  

The distribution of Kerberos can be found at ftp://athena-dist.mit.edu/pub/kerberos/ .

The Kerberos System uses a principal store. A principal can represent a user, a computer service, a computer resource, or a group. The purpose of the Kerberos System is to authenticate one principal to another, such as a user to a computer service like a Network File System (NFS). The principals authenticate each other through a Key Distribution Center (KDC). The KDC is composed of two servers: the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS is used for authentication, and the TGS is used for supplying tickets after authentication. This chapter discusses v4 in detail, since it is still widely used, and also discusses the differences between v4 and v5.
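The AS-then-TGS flow described above can be modeled in a short program. This is an added example, not code from the book: the principal names, passwords, ticket fields, and the HMAC-based `seal` (a stand-in for Kerberos's real encryption) are constructed for illustration, and timestamp-based replay protection is left out.

```python
import hashlib, hmac, json, os

def key_of(secret):              # constructed: a real KDC uses a string-to-key function
    return hashlib.sha256(secret.encode()).digest()

def _pad(key, nonce, n):         # HMAC-SHA256 keystream, stand-in for the real cipher
    return b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):              # encrypt-then-MAC a small JSON message
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _pad(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct)))))

# Principal store (constructed): a user, the TGS itself, and one target service.
KDC_DB = {"alice": key_of("correct horse"), "krbtgt": key_of("tgs-secret"), "nfs": key_of("nfs-secret")}

def issue(ticket_for, client, reply_key, now):
    # New session key: one copy inside a ticket only `ticket_for` can open,
    # one copy returned to the client under `reply_key`.
    sk = os.urandom(16).hex()
    ticket = seal(KDC_DB[ticket_for], {"client": client, "key": sk, "exp": now + 300})
    return seal(reply_key, {"key": sk, "ticket": ticket.hex()})

def check(ticket_key, ticket, authenticator, now):
    """Open a ticket, then require an authenticator sealed under its session key."""
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or now > t["exp"]:
        raise ValueError("authenticator mismatch or expired ticket")
    return t

def as_exchange(client, now):                        # AS: authentication
    return issue("krbtgt", client, KDC_DB[client], now)

def tgs_exchange(tgt, authenticator, service, now):  # TGS: tickets after authentication
    t = check(KDC_DB["krbtgt"], tgt, authenticator, now)
    return issue(service, t["client"], bytes.fromhex(t["key"]), now)

def login_and_use(user, password, service, now=1000):
    r = unseal(key_of(password), as_exchange(user, now))   # a wrong password fails here
    k, tgt = bytes.fromhex(r["key"]), bytes.fromhex(r["ticket"])
    r = unseal(k, tgs_exchange(tgt, seal(k, {"client": user}), service, now))
    k, ticket = bytes.fromhex(r["key"]), bytes.fromhex(r["ticket"])
    # The service opens the ticket with its own key; the password never crosses the wire.
    return check(KDC_DB[service], ticket, seal(k, {"client": user}), now)["client"]
```

Note that the password is used only on the client to open the AS reply, which is why an eavesdropper who captures every message still cannot present a valid authenticator.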

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
