LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-21-2015, 12:49 PM   #1
abourke
Member
 
Registered: Dec 2006
Posts: 103

Rep: Reputation: 16
Kerberos


Hi,

Just wondering about Kerberos.
1 Does it only provide authentication?
2 Or does it encrypt communications aswell?
3 If so, is it only the network (LAN) that is encrypted?
4 Or does it encrypt Internet (WAN) connections too?

Regards
Aubrey.
 
Old 04-21-2015, 02:08 PM   #2
rtmistler
Moderator
 
Registered: Mar 2011
Location: Sutton, MA. USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu
Posts: 5,266
Blog Entries: 12

Rep: Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862Reputation: 1862
It's client to server encryption so therefore its endpoint to endpoint. Why not read the Kerberos Wiki entry, it should be very informative and help you answer specific questions.
 
Old 04-21-2015, 02:39 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,696

Rep: Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261Reputation: 1261
Quote:
Originally Posted by abourke View Post
Hi,

Just wondering about Kerberos.
1 Does it only provide authentication?
Not exclusively - but that IS its primary function.
Quote:
2 Or does it encrypt communications aswell?
It provides an encryption capability library that can be used to encrypt any communication. But it is up to each utility to make use of that library.

The library itself is used to implement the protocols for authentication. As such, there was no reason to exclude its use for other functions as well.

Most kerberos kits include an authenticated kerberized version of telnet, rsh, ftp, and rlogin. But the library can support many others.
Quote:
3 If so, is it only the network (LAN) that is encrypted?
4 Or does it encrypt Internet (WAN) connections too?
No - the functions are provided to the network (of whatever type).

The primary goal is to provide authentication - and that works no matter what the network type is lan/wan makes no difference.
Quote:
Regards
Aubrey.
Kerberos has been used to provide distributed secure network file services (via AFS) which is world wide. (warning - DON'T do a "ls -R" or a "find" on the base AFS mount point--- it gets hard to stop once it starts scanning across the globe.)

The normal use is LAN authentication (as shown by a Windows AD domain), but in general I have seen it used for worldwide remote logins. It has procedures for distributing authentication trust via cross realm checks, where a "realm" simply represents a collection of servers and a key distribution server. Trust may be extended in a hierarchy, or peer to peer. Trust may also be limited to one way or two way.

Current Kerberos versions also support the use of PKI.

One think kerberos isn't is a substitute for IPSec, which can provide a network level encryption for ANY network usage.

Last edited by jpollard; 04-21-2015 at 02:44 PM.
 
  


Reply

Tags
kerberos


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh and kerberos error: Server not found in Kerberos database Felipe Linux - Server 1 01-17-2011 03:12 AM
kerberos paul_mat Linux - Networking 0 05-10-2006 12:02 AM
kerberos denning Slackware 1 11-02-2005 07:04 AM
Kerberos 5 1.4.1 Kenji Miyamoto Slackware 1 05-24-2005 07:11 PM
Kerberos Krizzc Slackware 0 10-21-2004 07:10 AM


All times are GMT -5. The time now is 02:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration