By Jason Garman
First Edition
August 2003
Pages: 270
ISBN 10: 0-596-00403-6
ISBN 13: 9780596004033
(Average of 1 Customer Reviews)
Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos: The Definitive Guide shows you how to implement Kerberos on Windows and Unix systems for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.
Featured customer reviews
Kerberos: The Definitive Guide Review, November 11 2003
I have just skimmed through this book and I am now in the process of reading it carefully. The book is well organized and covers a lot of ground.
May I point out that SESAME at http://www.cosic.esat.kuleuven.ac.be/sesame/ (referenced in chapter 1) has a book out now.
On the downside, I still feel that there should be more information about the difference between the two distributions (MIT & Heimdal). Perhaps summarized in a table. No doubt that I will be wiser after reading the book closely. But I like to install software and experiment as I read. While both MIT and Heimdal use a db, Heimdal can use LDAP as backend. Unfortunately that is not covered in the book. Probably because it is experimental at this stage.
I must inform that there is another player out there called GNU Shishi (http://www.gnu.org/software/shishi/ & http://savannah.gnu.org/projects/shishi) and even if it is Alpha, it seems to be updated regularly.
Also on the chapter on security there are two references to Dug Song's web site.
Unfortunately, Dug Song has in protest of the DIGITAL MILLENNIUM COPYRIGHT ACT. You can still find the patch to John the Ripper at: http://www.monkey.org/~dugsong/john-1.6.krb4.patch-3 (referenced on page 104), but the link http://www.monkey.org/~dugsong/kdcspoof.tgz is wrong. It should be http://www.monkey.org/~dugsong/kdcspoof.tar.gz (referenced on page 109).
There are some security-related Kerberos papers at: http://www.gnu.org/software/shishi/research.html
If chapter 3 is a little bit too technical for you, I suggest you read the "Designing an Authentication System: a Dialogue in Four Scenes". You can find it at http://web.mit.edu/kerberos/www/dialogue.html. This could have been an appendix.
I certainly hope the author and O'Reilly will add some updates and extra articles on the O'Reilly Network.
If you are looking for a good book about Kerberos, I believe this is it.
Media reviews
"...this book is a godsend...Jason Garman has written the Kerberos bible."
--Dan Ilett, SC Magazine, April 2004
"The book does deliver what it promises: a definitive guide to Kerberos...Would I recommend picking this book up? Definitely."
--Matt Willmore, MacZealots.com, December 2003
http://maczealots.com/reviews/kerberos/







