Kerberos; What Is Kerberos - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual


Configuration Files
• man 5 hosts_access — The man page for the TCP Wrappers hosts access control files.
• man hosts_options — The man page for the TCP Wrappers options fields.
• man xinetd.conf — The man page listing xinetd configuration options.

43.5.5.2. Useful Websites

• http://www.xinetd.org/ — The home of xinetd, containing sample configuration files, a full listing of
features, and an informative FAQ.
• http://www.macsecurity.org/resources/xinetd/tutorial.shtml — A thorough tutorial that discusses
many different ways to optimize default xinetd configuration files to meet specific security goals.

43.5.5.3. Related Books

• Hacking Linux Exposed by Brian Hatch, James Lee, and George Kurtz; Osborne/McGraw-Hill —
An excellent security resource with information about TCP Wrappers and xinetd.

43.6. Kerberos

System security and integrity within a network can be unwieldy. It can occupy the time of several
administrators just to keep track of what services are being run on a network and the manner in which
these services are used.
Further, authenticating users to network services can prove dangerous when the method used by the
protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network
using the traditional FTP and Telnet protocols.
Kerberos is a way to eliminate the need for protocols that allow unsafe methods of authentication,
thereby enhancing overall network security.

43.6.1. What is Kerberos?

Kerberos is a network authentication protocol created by MIT, and uses symmetric-key cryptography
to authenticate users to network services, which means passwords are never actually sent over the
network.
Consequently, when users authenticate to network services using Kerberos, unauthorized users
attempting to gather passwords by monitoring network traffic are effectively thwarted.
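
An added illustration of the point above (not from the Red Hat manual): the same login sent Telnet/FTP-style in cleartext, and sent as a proof computed with a password-derived shared key. It is a simplified sketch, not the Kerberos protocol itself: an HMAC over a timestamp stands in for Kerberos's symmetric encryption, and the account, realm, and all function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample account for the illustration (not from the manual).
USER, PASSWORD, REALM = "alice", "correct horse battery", "EXAMPLE.COM"

def derive_key(password, salt):
    """Derive the long-term shared key from the password; only the key is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096)

def cleartext_login(user, password):
    """Bytes a Telnet/FTP-style login places on the wire."""
    return f"USER {user}\r\nPASS {password}\r\n".encode()

def keyed_login(user, key, now):
    """Prove knowledge of the key by MACing a timestamp; the key never leaves the client."""
    body = user.encode() + b"|" + str(int(now)).encode()
    return body + b"|" + hmac.new(key, body, hashlib.sha256).hexdigest().encode()

class Server:
    """Holds each user's shared key and rejects forged, stale, or replayed proofs."""
    def __init__(self, keys, max_skew=300):
        self.keys, self.max_skew, self.seen = keys, max_skew, set()

    def verify(self, msg, now):
        try:
            user, ts, tag = msg.split(b"|")
            key, sent_at = self.keys[user.decode()], int(ts)
        except (ValueError, KeyError):
            return False  # malformed message or unknown user
        expected = hmac.new(key, user + b"|" + ts, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False  # sender does not hold the shared key
        if abs(now - sent_at) > self.max_skew or msg in self.seen:
            return False  # outside the clock-skew window, or a replay
        self.seen.add(msg)
        return True

def capture_exposes_password(capture, password):
    """What a passive eavesdropper learns: is the password readable in the capture?"""
    return password.encode() in capture

if __name__ == "__main__":
    key = derive_key(PASSWORD, REALM + USER)
    server, now = Server({USER: key}), 1_700_000_000  # fixed clock for a repeatable run
    proof = keyed_login(USER, key, now)
    print(capture_exposes_password(cleartext_login(USER, PASSWORD), PASSWORD))
    print(capture_exposes_password(proof, PASSWORD), server.verify(proof, now))
    print(server.verify(proof, now + 1))  # replayed capture
```
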

43.6.1.1. Advantages of Kerberos

Most conventional network services use password-based authentication schemes. Such schemes
require a user to authenticate to a given network server by supplying their username and password.
Unfortunately, the transmission of authentication information for many services is unencrypted. For
such a scheme to be secure, the network has to be inaccessible to outsiders, and all computers and
users on the network must be trusted and trustworthy.

Note on symmetric-key cryptography: a system where both the client and the server share a common key
that is used to encrypt and decrypt network communication.
