Kerberos is an extremely powerful tool for centralizing authentication in a network. The protocol uses encryption and a centralized user database to allow application servers and workstations to rely on the main Kerberos server to handle authentication tasks . If used to its fullest, the result is that users can log into any workstation and then use network services within the network without providing a password again. Even the initial password is never sent over the network, so the risk of passwords being compromised is greatly reduced. The centralized user database also greatly simplifies account maintenance. There are several Kerberos implementations available for Linux, some of which may be easier to use with any given distribution than others. Configuring a Kerberos network requires installing at least a subset of the Kerberos software on all computers. One system must be configured as a key distribution center (KDC), which houses the user database. Servers and workstations need Kerberized versions of their server and client programs, respectively. If a single-login configuration is required, workstations require modified login software. Although configuring this software can be tedious , particularly if your distribution doesn't ship with appropriate Kerberos packages, the benefits in security and centralized user administration can be substantial in a mid- sized or large network. |