mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-29 13:00:32 +01:00
53 lines
2.8 KiB
Text
53 lines
2.8 KiB
Text
|
Kerberos is a network authentication protocol. It is designed to
|
||
|
provide strong authentication for client/server applications by using
|
||
|
secret-key cryptography. A free implementation of this protocol is
|
||
|
available from the Massachusetts Institute of Technology. Kerberos is
|
||
|
available in many commercial products as well.
|
||
|
|
||
|
The Internet is an insecure place. Many of the protocols used in the
|
||
|
Internet do not provide any security. Tools to "sniff" passwords off
|
||
|
of the network are in common use by malicious hackers. Thus,
|
||
|
applications which send an unencrypted password over the network are
|
||
|
extremely vulnerable. Worse yet, other client/server applications rely
|
||
|
on the client program to be "honest" about the identity of the user
|
||
|
who is using it. Other applications rely on the client to restrict its
|
||
|
activities to those which it is allowed to do, with no other
|
||
|
enforcement by the server.
|
||
|
|
||
|
Some sites attempt to use firewalls to solve their network security
|
||
|
problems. Unfortunately, firewalls assume that "the bad guys" are on
|
||
|
the outside, which is often a very bad assumption. Most of the really
|
||
|
damaging incidents of computer crime are carried out by insiders.
|
||
|
Firewalls also have a significant disadvantage in that they restrict
|
||
|
how your users can use the Internet. (After all, firewalls are simply
|
||
|
a less extreme example of the dictum that there is nothing more secure
|
||
|
then a computer which is not connected to the network --- and powered
|
||
|
off!) In many places, these restrictions are simply unrealistic and
|
||
|
unacceptable.
|
||
|
|
||
|
Kerberos was created by MIT as a solution to these network security
|
||
|
problems. The Kerberos protocol uses strong cryptography so that a
|
||
|
client can prove its identity to a server (and vice versa) across an
|
||
|
insecure network connection. After a client and server has used
|
||
|
Kerberos to prove their identity, they can also encrypt all of their
|
||
|
communications to assure privacy and data integrity as they go about
|
||
|
their business.
|
||
|
|
||
|
Kerberos is freely available from MIT, under copyright permissions
|
||
|
very similar those used for the BSD operating system and the X Window
|
||
|
System. MIT provides Kerberos in source form so that anyone who wishes
|
||
|
to use it may look over the code for themselves and assure themselves
|
||
|
that the code is trustworthy. In addition, for those who prefer to
|
||
|
rely on a professionally supported product, Kerberos is available as a
|
||
|
product from many different vendors.
|
||
|
|
||
|
In summary, Kerberos is a solution to your network security problems.
|
||
|
It provides the tools of authentication and strong cryptography over
|
||
|
the network to help you secure your information systems across your
|
||
|
entire enterprise. We hope you find Kerberos as useful as it has been
|
||
|
to us. At MIT, Kerberos has been invaluable to our
|
||
|
Information/Technology architecture.
|
||
|
|
||
|
Additional information is available from the MIT Kerberos website:
|
||
|
http://web.mit.edu/kerberos/
|