Kerberos: Difference between revisions
imported>Sandy Harris No edit summary |
imported>Howard C. Berkowitz No edit summary |
||
Line 1: | Line 1: | ||
{{subpages}} | {{subpages}} | ||
[[Kerberos]] is a | [[Kerberos]] is a networked [[authentication]] system developed at the [[Massachusetts Instutite of Technology]].<ref>{{citation | ||
| url = http://web.mit.edu/Kerberos/ | |||
| title = Kerberos | |||
| publisher = [[Massacusetts Instititute of Technology]], A central trusted server provides "tickets" which allow other machines to authenticate each other. Granting of specific rights, called credentialing, to authenticated machines can be by a separate secure server. | |||
The separation of credentialing from authentication is not part of all authentication systems, but offers the ability to separate the administration of those two functions, which is a check-and-balance for personnel security of administators. | |||
==Specifications and documentation== | |||
The Kerberos protocol is specified in RFC 4120. There is an active [http://www.ietf.org/html.charters/krb-wg-charter.html working group] at the [[IETF]] with many more documents. Microsoft's usage is documented in RFC 3244 and RFC 4757. | The Kerberos protocol is specified in RFC 4120. There is an active [http://www.ietf.org/html.charters/krb-wg-charter.html working group] at the [[IETF]] with many more documents. Microsoft's usage is documented in RFC 3244 and RFC 4757. | ||
There is a [http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html FAQ]. IBM provide a [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html Kerberos primer]. | There is a [http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html FAQ]. IBM provide a [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html Kerberos primer]. | ||
==Vendor use== | |||
Kerberos has been used (not without controversy [http://slashdot.org/article.pl?sid=00/05/02/158204]) by all versions of [[Microsoft Windows]] since [[Windows 2000]] [http://technet.microsoft.com/en-us/library/bb742431.aspx]. It is also used by various Unix-based systems, including [http://www.sun.com/security/kerberos/index.jsp Sun], [http://developer.apple.com/opensource/kerberosintro.html Apple], [https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA HP] and [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html IBM]. | Kerberos has been used (not without controversy [http://slashdot.org/article.pl?sid=00/05/02/158204]) by all versions of [[Microsoft Windows]] since [[Windows 2000]] [http://technet.microsoft.com/en-us/library/bb742431.aspx]. It is also used by various Unix-based systems, including [http://www.sun.com/security/kerberos/index.jsp Sun], [http://developer.apple.com/opensource/kerberosintro.html Apple], [https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1417AA HP] and [http://www.ibm.com/developerworks/ibm/library/it-kerbero.html IBM]. | ||
==References== | |||
{{reflist}} |
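Review bot: The `<ref>{{citation` opened in the new first paragraph is never closed, so the `publisher` field runs on into the sentence beginning "A central trusted server provides" and the body text ends up inside the citation. Close the template and the reference with `}}</ref>` directly after the publisher value, and start the next sentence outside it. The same added lines misspell "Institute" twice ("Instutite", "Instititute"), "Massachusetts" once ("Massacusetts") and "administrators" ("administators"), and the two `[[...]]` links to the institute will not resolve to the intended article until the spelling is fixed.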
Revision as of 14:59, 11 November 2010
Kerberos is a networked authentication system developed at the Massachusetts Institute of Technology.<ref>{{citation | url = http://web.mit.edu/Kerberos/ | title = Kerberos | publisher = Massachusetts Institute of Technology}}</ref> A central trusted server provides "tickets" which allow other machines to authenticate each other. Granting of specific rights, called credentialing, to authenticated machines can be handled by a separate secure server.
The separation of credentialing from authentication is not part of all authentication systems, but it allows the two functions to be administered separately, which acts as a check and balance for the personnel security of administrators.
Specifications and documentation
The Kerberos protocol is specified in RFC 4120. There is an active working group at the IETF with many more documents. Microsoft's usage is documented in RFC 3244 and RFC 4757.
There is a FAQ. IBM provide a Kerberos primer.
Vendor use
Kerberos has been used (not without controversy [1]) by all versions of Microsoft Windows since Windows 2000 [2]. It is also used by various Unix-based systems, including Sun, Apple, HP and IBM.