Sebastopol, CA--In Greek mythology, Kerberos (aka Cerberus) was the hound of Hades--a vicious, three-headed dog with a mane of snakes and lion's claws that guarded the realm of the underworld. Today, the aptly named Kerberos authentication system serves a similar post as a steadfast gatekeeper that bars intruders from your networks. But Kerberos's reputation for being head-achingly complex is as legendary as its name, so many a network and system administrator has shied away from the poorly understood beast. Fear no more! Jason Garman's Kerberos: The Definitive Guide (O'Reilly, US $34.95) shows you how to unleash the power of this trusty watchdog on networks large and small.
Rest assured, Kerberos has plenty of bite. Originally developed at MIT and freely available from MIT in source form (it's also commercially available for those who prefer a professionally supported product), this ultra-secure, single sign-on, cross-platform system authenticates clients trying to access network resources and stands guard against those who attempt to monitor network traffic and intercept passwords.
It's all about convenience and security. With Kerberos, administrators can centralize authentication into a single server or set of servers. And one login--just one username and one password--is all an end-user needs for access to network resources, regardless of platform or operating system. Kerberos issues "tickets," time-limited cryptographic messages that prove a user's identity to a given server (and vice versa) without transmitting passwords over the network or even caching them on the local user's hard disk. Once a ticket is accepted, clients and servers are assured of encryption and message integrity for private, tamper-free communication.
According to author Jason Garman, it is no surprise that Kerberos is becoming widely adopted in Unix, Linux, and Windows environments alike. After all, he says, "Kerberos is the only well studied, proven, and widely supported authentication system available for computer networks."
And Microsoft apparently agrees. The company has integrated Kerberos into Windows 2000 and above, reports Garman, "and the release of Windows Server 2003 further affirms Microsoft's commitment to Kerberos as its authentication protocol of choice. Microsoft has single-handedly driven the use of Kerberos into the majority of the operating-system market that it controls." And in so doing, Microsoft has extended the reach of Kerberos to even the smallest of networks.
Administrators who have been daunted by the sophistication and complexity of Kerberos and put off by the lack of helpful documentation will find the path to implementation much simpler with "Kerberos: The Definitive Guide." Garman explains what Kerberos is, how it works, and why it is ideal for any organization looking to establish a robust, single sign-on infrastructure for its network. This accessible guide--aimed at intermediate to advanced network and system administrators who are considering "Kerberizing" their networks--also features:
A thorough and detailed discussion of cryptographic authentication
Everything administrators need to understand and implement a Kerberos network in either a Unix or a Windows environment
A comprehensive discussion of the practical issues that are present when establishing and running your own Kerberos realm
Advice on setting up applications to use Kerberos authentication and adding Kerberos to software packages
Advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting
A case study and a glimpse into the future of Kerberos
This is an ultimately practical guide to making Kerberos an essential part of your total network security plan--and making life easier for both administrators and end users.
O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.