[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Kerberos Comments wanted
- Subject: Re: [cobalt-users] Kerberos Comments wanted
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Sun Apr 18 19:42:01 2004
- Organization: Electronic Consultants Inc.
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> What is Kerberos?
see http://web.mit.edu/kerberos/www/ What is Kerberos at the bottom...
or just read...
Kerberos is a network authentication protocol. It is designed to provide
strong authentication for client/server applications by using secret-key
cryptography. A free implementation of this protocol is available from the
Massachusetts Institute of Technology. Kerberos is available in many
commercial products as well.
The Internet is an insecure place. Many of the protocols used in the
Internet do not provide any security. Tools to "sniff" passwords off of the
network are in common use by malicious hackers. Thus, applications which
send an unencrypted password over the network are extremely vulnerable.
Worse yet, other client/server applications rely on the client program to be
"honest" about the identity of the user who is using it. Other applications
rely on the client to restrict its activities to those which it is allowed
to do, with no other enforcement by the server.
Some sites attempt to use firewalls to solve their network security
problems. Unfortunately, firewalls assume that "the bad guys" are on the
outside, which is often a very bad assumption. Most of the really damaging
incidents of computer crime are carried out by insiders. Firewalls also have
a significant disadvantage in that they restrict how your users can use the
Internet. (After all, firewalls are simply a less extreme example of the
dictum that there is nothing more secure then a computer which is not
connected to the network --- and powered off!) In many places, these
restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network security
problems. The Kerberos protocol uses strong cryptography so that a client
can prove its identity to a server (and vice versa) across an insecure
network connection. After a client and server has used Kerberos to prove
their identity, they can also encrypt all of their communications to assure
privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under copyright permissions very
similar those used for the BSD operating system and the X Window System. MIT
provides Kerberos in source form so that anyone who wishes to use it may
look over the code for themselves and assure themselves that the code is
trustworthy. In addition, for those who prefer to rely on a professionally
supported product, Kerberos is available as a product from many different
vendors.
In summary, Kerberos is a solution to your network security problems. It
provides the tools of authentication and strong cryptography over the
network to help you secure your information systems across your entire
enterprise. We hope you find Kerberos as useful as it has been to us. At
MIT, Kerberos has been invaluable to our Information/Technology
architecture.
> Why would i want it on my Raq?
because it seems like everything else in the world has it... and many of the
E3 rpms want it... open ssh wants it... it's in style.... :)
Zeffie... "Get your Z's with Zeffie" 734-454-9117
Cobalt RaQ Repairs, Development, and Maintenance.
Cobalt Spam Filter, Security, Firewall, Anti Virus Products
http://www.wordassassin.com/ Wordassassin Authorized Dealer
http://www.zeffie.net/ Free pkg and rpm resources for the Cobalt user
http://www.zeffie.com/ Home of the Worlds Largest Collection of RaQ rpms