Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 1.1 What is Kerberos?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Cities ]


Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1. General information about Kerberos
Next Document: 1.2. Where does the name "Kerberos" come from?
See reader questions & answers on this topic! - Help others by sharing your knowledge
From <http://web.mit.edu/kerberos/www/>

     Kerberos is a network authentication protocol. It is designed to
     provide strong authentication for client/server applications by
     using secret-key cryptography. A free implementation of this
     protocol is available from the Massachusetts Institute of
     Technology. Kerberos is available in many commercial products as
     well.

     The Internet is an insecure place. Many of the protocols used in
     the Internet do not provide any security. Tools to "sniff"
     passwords off of the network are in common use by systems
     crackers. Thus, applications which send an unencrypted password
     over the network are extremely vulnerable. Worse yet, other
     client/server applications rely on the client program to be
     "honest" about the identity of the user who is using it. Other
     applications rely on the client to restrict its activities to
     those which it is allowed to do, with no other enforcement by the
     server.

     Some sites attempt to use firewalls to solve their network
     security problems. Unfortunately, firewalls assume that "the bad
     guys" are on the outside, which is often a very bad assumption.
     Most of the really damaging incidents of computer crime are
     carried out by insiders. Firewalls also have a significant
     disadvantage in that they restrict how your users can use the
     Internet. (After all, firewalls are simply a less extreme example
     of the dictum that there is nothing more secure then a computer
     which is not connected to the network --- and powered off!) In
     many places, these restrictions are simply unrealistic and
     unacceptable.

     Kerberos was created by MIT as a solution to these network
     security problems. The Kerberos protocol uses strong cryptography
     so that a client can prove its identity to a server (and vice
     versa) across an insecure network connection. After a client and
     server have used Kerberos to prove their identity, they can also
     encrypt all of their communications to assure privacy and data
     integrity as they go about their business.

     Kerberos is freely available from MIT, under a copyright
     permission notice very similar to the one used for the BSD
     operating and X11 Windowing system. MIT provides Kerberos in
     source form, so that anyone who wishes to use it may look over the
     code for themselves and assure themselves that the code is
     trustworthy. In addition, for those who prefer to rely on a
     professional supported product, Kerberos is available as a product
     from many different vendors.

     In summary, Kerberos is a solution to your network security
     problems. It provides the tools of authentication and strong
     cryptography over the network to help you secure your information
     systems across your entire enterprise. We hope you find Kerberos
     as useful as it has been to us. At MIT, Kerberos has been
     invaluable to our Information/Technology architecture.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1. General information about Kerberos
Next Document: 1.2. Where does the name "Kerberos" come from?

Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM