Chapter 6. Security

Cerberus, the fierce three-headed creature that guarded the entrance to Hades, prevented the living from entering the underworld and devoured the brave souls who attempted to leave. While Cerberus was successful in keeping the living from visiting the netherworld, like all great characters in mythology, he had a fatal flaw. In the Aeneid , when the Trojan hero Aeneas descends to visit his father, he encounters the menacing Cerberus. He tosses Cerberus a spiced cake laced with honey and poppy seeds, and Cerberus promptly devours it and falls unconscious. With hell’s keeper fast asleep, Aeneas swiftly crosses into the underworld.

We’d hope that the modern equivalent to the ancient Cerberus would not have such a simple, fatal flaw. While Kerberos is the most popular cross-platform, network-wide authentication system available, it by no means has a perfect security record. It is certainly true that a lot of thought was put into making Kerberos as secure as possible; however, there are still security issues that require careful attention. Thankfully, unlike proprietary security software, Kerberos has been scrutinized for holes both in the basic protocol itself as well as the most common reference implementation from MIT.

It is important to recognize that implementing Kerberos on your network does not guarantee perfect security. While Kerberos is extremely secure in a theoretical sense, there are many practical security issues to be considered. In addition, it is important ...

Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.