Kerberos the definitive guide
Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary. Single sign-on is...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Beijing ; Sebastopol, California : O'Reilly 2003. |
Edition: | First edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627019006719 |
Table of Contents:
- Table of Contents; Preface; Organization of This Book; Conventions Used in This Book; Comments and Questions; Thanks...; Chapter 1. Introduction; Origins; Modern History; The time-sharing model; The client-server model; Project Athena; What Is Kerberos?; Goals; Evolution; Early Kerberos (v1, v2, v3); Kerberos 4; Kerberos 5; New Directions; Other Products; DCE; Globus Security Infrastructure; SESAME; Chapter 2. Pieces of the Puzzle; The Three As; Authentication; Authorization; Auditing; Directories; Privacy and Integrity; Encryption; Message Integrity; Kerberos Terminology and Concepts
- Realms, Principals, and Instances; Service and host principals; Kerberos 4 principals; Kerberos 5 principals; Keys, Salts, and Passwords; The Key Distribution Center; The Authentication Server; The Ticket Granting Server; Tickets; The ticket (or credential) cache; Putting the Pieces Together; Chapter 3. Protocols; The Needham-Schroeder Protocol; Kerberos 4; The Authentication Server and the Ticket Granting Server; String-to-Key Transformation; The Key Version Number; Password Changing; Kerberos 5; The World's Shortest ASN.1 Tutorial; The Authentication Server and the Ticket Granting Server
- New Encryption Options; Ticket Options; Kerberos 5-to-4 Ticket Translation; Pre-Authentication; Other Protocol Features and Extensions; String-to-Key Transformation; Password Changing; The Alphabet Soup of Kerberos-Related Protocols; The Generic Security Services API (GSSAPI); The Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO); Chapter 4. Implementation; The Basic Steps; Planning Your Installation; Choose the Platform and Operating System; Choose a KDC Package; MIT; Heimdal; Windows domain controllers; Before You Begin; KDC Installation; MIT; Building the distribution
- Creating your realm; Starting the servers; A quick test; Adding slave KDCs; Heimdal; Building the distribution; Creating your realm; Starting the servers; A quick test; Adding slave KDCs; Windows Domain Controller; Creating your realm; DNS and Kerberos; Setting Up KDC Discovery Over DNS; DNS Domain Name-to-Realm Mapping; Client and Application Server Installation; Unix as a Kerberos Client; Mac OS X as a Kerberos Client; Windows as a Kerberos Client; Chapter 5. Troubleshooting; A Quick Decision Tree; Debugging Tools; Errors and Solutions; Errors Obtaining an Initial Ticket
- Unsynchronized Clocks; Incorrect or Missing Kerberos Configuration; Server Hostname Misconfiguration; Encryption Type Mismatches; Chapter 6. Security; Kerberos Attacks; Other Attacks; Protocol Security Issues; Dictionary and Brute-Force Attacks; Replay Attacks; Man-in-the-Middle Attacks; Security Solutions; Requiring Pre-Authentication; MIT; Heimdal; Windows domain controllers; Enforcing Secure Passwords; Heimdal; MIT; Windows domain controllers; Enforcing Password Lifetimes and History; MIT; Heimdal; Windows domain controllers; Protecting Your KDC; Protecting a Unix KDC
- Protecting a Windows Domain Controller