Hi,

Just wondering about Kerberos.
1 Does it only provide authentication?
2 Or does it encrypt communications aswell?
3 If so, is it only the network (LAN) that is encrypted?
4 Or does it encrypt Internet (WAN) connections too?

Regards
Aubrey.

It's client to server encryption so therefore its endpoint to endpoint. Why not read the Kerberos Wiki entry, it should be very informative and help you answer specific questions.

Not exclusively - but that IS its primary function.
It provides an encryption capability library that can be used to encrypt any communication. But it is up to each utility to make use of that library.

The library itself is used to implement the protocols for authentication. As such, there was no reason to exclude its use for other functions as well.

Most kerberos kits include an authenticated kerberized version of telnet, rsh, ftp, and rlogin. But the library can support many others.
No - the functions are provided to the network (of whatever type).

The primary goal is to provide authentication - and that works no matter what the network type is lan/wan makes no difference.
Kerberos has been used to provide distributed secure network file services (via AFS) which is world wide. (warning - DON'T do a "ls -R" or a "find" on the base AFS mount point--- it gets hard to stop once it starts scanning across the globe.)

The normal use is LAN authentication (as shown by a Windows AD domain), but in general I have seen it used for worldwide remote logins. It has procedures for distributing authentication trust via cross realm checks, where a "realm" simply represents a collection of servers and a key distribution server. Trust may be extended in a hierarchy, or peer to peer. Trust may also be limited to one way or two way.

Current Kerberos versions also support the use of PKI.

One think kerberos isn't is a substitute for IPSec, which can provide a network level encryption for ANY network usage.