Sebastopol : : O'Reilly Media, , 2010.

1 online resource (274 p.)

Description based upon print version of record.. - Table of Contents; Preface; Organization of This Book; Conventions Used in This Book; Comments and Questions; Thanks...; Chapter 1. Introduction; Origins; Modern History; The time-sharing model; The client-server model; Project Athena; What Is Kerberos?; Goals; Evolution; Early Kerberos (v1, v2, v3); Kerberos 4; Kerberos 5; New Directions; Other Products; DCE; Globus Security Infrastructure; SESAME; Chapter 2. Pieces of the Puzzle; The Three As; Authentication; Authorization; Auditing; Directories; Privacy and Integrity; Encryption; Message Integrity; Kerberos Terminology and Concepts. - Creating your realmStarting the servers; A quick test; Adding slave KDCs; Heimdal; Building the distribution; Creating your realm; Starting the servers; A quick test; Adding slave KDCs; Windows Domain Controller; Creating your realm; DNS and Kerberos; Setting Up KDC Discovery Over DNS; DNS Domain Name-to-Realm Mapping; Client and Application Server Installation; Unix as a Kerberos Client; Mac OS X as a Kerberos Client; Windows as a Kerberos Client; Chapter 5. Troubleshooting; A Quick Decision Tree; Debugging Tools; Errors and Solutions; Errors Obtaining an Initial Ticket. - New Encryption OptionsTicket Options; Kerberos 5-to-4 Ticket Translation; Pre-Authentication; Other Protocol Features and Extensions; String-to-Key Transformation; Password Changing; The Alphabet Soup of Kerberos-Related Protocols; The Generic Security Services API (GSSAPI); The Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO); Chapter 4. Implementation; The Basic Steps; Planning Your Installation; Choose the Platform and Operating System; Choose a KDC Package; MIT; Heimdal; Windows domain controllers; Before You Begin; KDC Installation; MIT; Building the distribution. - Protecting a Windows Domain Controller. - Realms, Principals, and InstancesService and host principals; Kerberos 4 principals; Kerberos 5 principals; Keys, Salts, and Passwords; The Key Distribution Center; The Authentication Server; The Ticket Granting Server; Tickets; The ticket (or credential) cache; Putting the Pieces Together; Chapter 3. Protocols; The Needham-Schroeder Protocol; Kerberos 4; The Authentication Server and the Ticket Granting Server; String-to-Key Transformation; The Key Version Number; Password Changing; Kerberos 5; The World's Shortest ASN.1 Tutorial; The Authentication Server and the Ticket Granting Server. - Unsynchronized ClocksIncorrect or Missing Kerberos Configuration; Server Hostname Misconfiguration; Encryption Type Mismatches; Chapter 6. Security; Kerberos Attacks; Other Attacks; Protocol Security Issues; Dictionary and Brute-Force Attacks; Replay Attacks; Man-in-the-Middle Attacks; Security Solutions; Requiring Pre-Authentication; MIT; Heimdal; Windows domain controllers; Enforcing Secure Passwords; Heimdal; MIT; Windows domain controllers; Enforcing Password Lifetimes and History; MIT; Heimdal; Windows domain controllers; Protecting Your KDC; Protecting a Unix KDC. - Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary. Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient

Electronic books.

005.8

0596004036