Press Room

Press Release: September 5, 2003

"Kerberos: The Definitive Guide" Puts the Network Watchdog On the Prowl

Sebastopol, CA--In Greek mythology, Kerberos (aka Cerberus) was the hound of Hades--a vicious, three-headed dog with a mane of snakes and lion's claws that guarded the realm of the underworld. Today, the aptly named Kerberos authentication system serves a similar post as a steadfast gatekeeper that bars intruders from your networks. But Kerberos's reputation for being head-achingly complex is as legendary as its name, so many a network and system administrator has shied away from the poorly understood beast. Fear no more! Jason Garman's Kerberos: The Definitive Guide (O'Reilly, US $34.95) shows you how to unleash the power of this trusty watchdog on networks large and small.

Rest assured, Kerberos has plenty of bite. Originally developed at MIT and freely available from MIT in source form (it's also commercially available for those who prefer a professionally supported product), this ultra-secure, single sign-on, cross-platform system authenticates clients trying to access network resources and stands guard against those who attempt to monitor network traffic and intercept passwords.

It's all about convenience and security. With Kerberos, administrators can centralize authentication into a single server or set of servers. And one login--just one username and one password--is all an end-user needs for access to network resources, regardless of platform or operating system. Kerberos issues "tickets," time-limited cryptographic messages that prove a user's identity to a given server (and vice versa) without transmitting passwords over the network or even caching them on the local user's hard disk. Once a ticket is accepted, clients and servers are assured of encryption and message integrity for private, tamper-free communication.

According to author Jason Garman, it is no surprise that Kerberos is becoming widely adopted in Unix, Linux, and Windows environments alike. After all, he says, "Kerberos is the only well studied, proven, and widely supported authentication system available for computer networks."

And Microsoft apparently agrees. The company has integrated Kerberos into Windows 2000 and above, reports Garman, "and the release of Windows Server 2003 further affirms Microsoft's commitment to Kerberos as its authentication protocol of choice. Microsoft has single-handedly driven the use of Kerberos into the majority of the operating-system market that it controls." And in so doing, Microsoft has extended the reach of Kerberos to even the smallest of networks.

Administrators who have been daunted by the sophistication and complexity of Kerberos and put off by the lack of helpful documentation will find the path to implementation much simpler with "Kerberos: The Definitive Guide." Garman explains what Kerberos is, how it works, and why it is ideal for any organization looking to establish a robust, single sign-on infrastructure for its network. This accessible guide--aimed at intermediate to advanced network and system administrators who are considering "Kerberizing" their networks--also features:

  • A thorough and detailed discussion of cryptographic authentication

  • Everything administrators need to understand and implement a Kerberos network in either a Unix or a Windows environment

  • A comprehensive discussion of the practical issues that are present when establishing and running your own Kerberos realm

  • Advice on setting up applications to use Kerberos authentication and adding Kerberos to software packages

  • Advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting

  • A case study and a glimpse into the future of Kerberos

This is an ultimately practical guide to making Kerberos an essential part of your total network security plan--and making life easier for both administrators and end users.

Additional Resources:

Kerberos: The Definitive Guide
Jason Garman
ISBN 0-596-00403-6, 272 pages, $34.95 US, $54.95 CA, 24.95 UK
1-800-998-9938; 1-707-827-7000

About O'Reilly

For almost 40 years, O’Reilly Media has provided technology and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through the company’s Safari training and learning platform and at O’Reilly conferences. As a SaaS learning platform, Safari delivers highly topical and comprehensive technology and business learning solutions to millions of users across enterprise, consumer, and university channels. For more information visit

Return to: O'Reilly Press Room

Press Contacts

Media Relations – Corporate & North America

Fama PR

Media Relations – Japan

Fumi Yamakawa
+81 3-3356-5227

Media Relations – United Kingdom

Helen Codling
+44 (0) 1252 721284