Kerberos Terminology - Red Hat Enterprise Linux 5 Deployment Manual

Chapter 43. Securing Your Network
Even if this is the case, a network that is connected to the Internet can no longer be assumed to be
secure. Any attacker who gains access to the network can use a simple packet analyzer, also known
as a packet sniffer, to intercept usernames and passwords, compromising user accounts and the
integrity of the entire security infrastructure.
The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across
the network. If used properly, Kerberos effectively eliminates the threat that packet sniffers would
otherwise pose on a network.
43.6.1.2. Disadvantages of Kerberos
Although Kerberos removes a common and severe security threat, it may be difficult to implement for
a variety of reasons:
• Migrating user passwords from a standard UNIX password database, such as /etc/passwd
or /etc/shadow, to a Kerberos password database can be tedious, as there is no automated
mechanism to perform this task. Refer to Question 2.23 in the online Kerberos FAQ:
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html
• Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system
used by most Red Hat Enterprise Linux servers. Refer to Section 43.6.4, "Kerberos and PAM" for
more information about this issue.
• Kerberos assumes that each user is trusted but is using an untrusted host on an untrusted network.
Its primary goal is to prevent unencrypted passwords from being transmitted across that network.
However, if anyone other than the proper user has access to the one host that issues tickets used
for authentication — called the key distribution center (KDC) — the entire Kerberos authentication
system is at risk.
• For an application to use Kerberos, its source must be modified to make the appropriate calls into
the Kerberos libraries. Applications modified in this way are considered to be Kerberos-aware, or
kerberized. For some applications, this can be quite problematic due to the size of the application
or its design. For other incompatible applications, changes must be made to the way in which the
server and client communicate. Again, this may require extensive programming. Closed-source
applications that do not have Kerberos support by default are often the most problematic.
• Kerberos is an all-or-nothing solution. If Kerberos is used on the network, any unencrypted
passwords transferred to a non-Kerberos-aware service are at risk. Thus, the network gains no
benefit from the use of Kerberos. To secure a network with Kerberos, one must either use Kerberos-
aware versions of all client/server applications that transmit passwords unencrypted, or not use any
such client/server applications at all.

43.6.2. Kerberos Terminology

Kerberos has its own terminology to define various aspects of the service. Before learning how
Kerberos works, it is important to learn the following terms.
authentication server (AS)
A server that issues tickets for a desired service which are in turn given to users for access to the
service. The AS responds to requests from clients who do not have or do not send credentials with
a request. It is usually used to gain access to the ticket-granting server (TGS) service by issuing
a ticket-granting ticket (TGT). The AS usually runs on the same host as the key distribution center
(KDC).
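The following is an added example, not code from the Red Hat manual or from MIT Kerberos, that models the AS exchange just defined and the packet-sniffer point made at the start of this section. A client that holds no credentials sends an AS-REQ naming its principal; the AS answers with a TGT sealed under the krbtgt key plus an encrypted part sealed under the user's long-term key, which the client derives locally from its password. Everything that crosses the "network" is collected so the sniffer's view can be inspected. The JSON message layout, the PBKDF2 string-to-key step, the HMAC-based stream cipher, the realm EXAMPLE.COM and the principal alice are all constructed stand-ins for the real ASN.1 messages and enctypes, and Kerberos 5 pre-authentication is deliberately not modelled.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"  # constructed sample realm


# --- Toy primitives (constructed stand-ins; real Kerberos uses AES/DES/RC4 enctypes) ---
def string_to_key(password: str, salt: str) -> bytes:
    """Derive a long-term key from a password (stands in for Kerberos string2key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000, 32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-based stream cipher; toy only, not production crypto."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key (i.e. wrong password) fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# --- Authentication server side of the KDC ---
class KDC:
    """Holds only derived long-term keys; passwords are never sent to it."""

    def __init__(self, users: dict):
        # users: principal -> password (constructed sample data, used only to derive keys)
        self.keys = {p: string_to_key(pw, REALM + p.split("@")[0]) for p, pw in users.items()}
        self.tgs_key = os.urandom(32)  # key of krbtgt/REALM, shared by AS and TGS

    def as_exchange(self, as_req: bytes) -> bytes:
        """AS-REQ in, AS-REP out. The AS answers any request for a known principal,
        as the definition above describes; pre-authentication is not modelled."""
        req = json.loads(as_req)
        cname = req["cname"]
        if cname not in self.keys:
            return json.dumps({"error": "KDC_ERR_C_PRINCIPAL_UNKNOWN"}).encode()
        session_key = os.urandom(32).hex()
        endtime = int(time.time()) + 8 * 3600
        # TGT: readable only by the TGS (sealed under the krbtgt key)
        ticket = seal(self.tgs_key, json.dumps(
            {"cname": cname, "key": session_key, "endtime": endtime}).encode())
        # enc-part: readable only by a holder of the user's long-term key
        enc_part = seal(self.keys[cname], json.dumps(
            {"key": session_key, "nonce": req["nonce"], "endtime": endtime}).encode())
        return json.dumps({"cname": cname, "ticket": ticket.hex(),
                           "enc_part": enc_part.hex()}).encode()


def tgs_open_ticket(kdc: KDC, tgt_hex: str) -> dict:
    """What the TGS would do with a presented TGT: open it with the krbtgt key."""
    return json.loads(unseal(kdc.tgs_key, bytes.fromhex(tgt_hex)))


# --- Client side ---
def client_login(kdc: KDC, user: str, password: str, wire: list) -> dict:
    """Obtain a TGT. Every byte that crosses the network is appended to `wire`."""
    cname = f"{user}@{REALM}"
    nonce = os.urandom(8).hex()
    as_req = json.dumps({"cname": cname, "sname": f"krbtgt/{REALM}@{REALM}",
                         "nonce": nonce}).encode()
    wire.append(as_req)
    as_rep = kdc.as_exchange(as_req)
    wire.append(as_rep)
    rep = json.loads(as_rep)
    if "error" in rep:
        raise PermissionError(rep["error"])
    # The password is used locally only, to derive the key that opens enc-part
    key = string_to_key(password, REALM + user)
    enc = json.loads(unseal(key, bytes.fromhex(rep["enc_part"])))
    if enc["nonce"] != nonce:
        raise ValueError("AS-REP nonce mismatch: stale or replayed reply")
    return {"session_key": enc["key"], "tgt": rep["ticket"], "endtime": enc["endtime"]}


def password_on_wire(wire: list, password: str) -> bool:
    """A packet sniffer's view: does the cleartext password appear in any captured message?"""
    return any(password.encode() in msg for msg in wire)


if __name__ == "__main__":
    kdc = KDC({"alice@EXAMPLE.COM": "correct horse battery staple"})
    captured = []
    creds = client_login(kdc, "alice", "correct horse battery staple", captured)
    print("TGT obtained; session key", creds["session_key"][:8], "...")
    print("password visible to sniffer:", password_on_wire(captured, "correct horse battery staple"))
```

The two things worth noticing are that the KDC never receives the password (only a key derived from it is stored, and only sealed data is returned) and that a wrong password fails on the client side when the encrypted part cannot be opened, not by any cleartext comparison on the wire. Production KDCs additionally require pre-authentication before issuing an AS-REP, which this toy omits.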