Advanced.Linux.Networking..Roderick.Smith [Electronic resources] text version


Roderick W. Smith

Chapter 6.
Authenticating Users via Kerberos


Linux systems normally use localized
authentication; that is, when a user types a username and password, the computer
uses its own authentication database to decide whether to grant the user
access. A further consequence of this system is that servers that require
passwords for access, such as POP mail servers and FTP servers, require users
to enter their passwords and send them over the network. This approach is
sensible for isolated computers and for computers whose users don't have
accounts on other systems on a network. When a group of users has accounts on
many computers, though, maintaining those accounts can be tedious. Furthermore,
with passwords flying across the network wires, often in an unencrypted form,
the chance for a malicious individual to do damage by stealing passwords is
substantial. These are the problems that Kerberos is intended to solve. This
tool allows you to maintain a centralized user database. Individual computers
defer to this centralized database when authenticating users, and use
sophisticated encryption techniques to ensure that data transfers aren't
subject to hijacking.

NOTE

The name Kerberos
is derived from Greek mythology; Kerberos was the three-headed dog who
guarded the underworld. The Romans spelled the name Cerberus,
but the Kerberos developers used the Greek spelling. Many Kerberos Web pages
sport graphics of the three-headed dog of mythology.


To run a Kerberos server, it's important that
you understand the basic principles upon which it's built, including the
different versions of Kerberos and its needs. As with other network protocols,
Kerberos uses both a client and a server. To do any good, you must be able to
configure both, so this chapter covers both options.

Kerberos is an extremely complex protocol,
and to use it fully you must configure not only a single Kerberos server, but
many of your network's servers and clients. For this reason, this chapter only
scratches the surface of Kerberos configuration. To do more than set up a
fairly basic Kerberos system, you'll need to consult additional documentation,
much of which is available from the main Kerberos Web site, http://web.mit.edu/kerberos/www/. This page includes many links to official and unofficial Kerberos
documentation and implementations of the protocol.








