Objective 6: Security Tasks
Kerberos
There are two current versions of Kerberos, 4 and 5. But we will describe only Version 5, which is the more stable and secure version, along with the basic concepts and configurations, because Kerberos has a minimum weight in LPI Objectives. To go deeper, read Kerberos: The Definitive Guide (O'Reilly).
Overview
Kerberos is known in Greek mythology as a very strange creature that authenticates who can pass through the gates of the underworld. But in our world, Kerberos is an authenticating system developed at MIT. Kerberos uses encryption technology and a trusted third party (the Kerberos in Greek mythology had three heads) to perform secure user authentication among multiple users and application servers.
A Kerberos server can solve many authentication problems using a centralized password database and encrypting the traffic that performs authentication—passwords are never sent over the network in clear text). Thus, it centralizes authentication services with some of the highest-level security known.
Currently, a bunch of Kerberos software tools are available. MIT Kerberos is the first one and is widely supported, Heimdal is new and is developed by many people around the world, which makes the code more wide open and flexible to users outside the U.S.
Tip
Microsoft has adopted Kerberos, including its own version with Windows domain controllers, but that isn't relevant to this Topic. Windows Kerberos servers have extensions that make them difficult to ...
Get LPI Linux Certification in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
