Kerberos : The Definitive Guide (Paperback)

Jason Garman

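  • Publisher: O'Reilly
  • Publication date: 2003-09-30
  • List price: $1,800
  • VIP price: 9.5 (95% of list price), $1,710
  • Language: English
  • Pages: 274
  • Binding: Paperback
  • ISBN: 0596004036
  • ISBN-13: 9780596004033
  • Overseas purchase-on-behalf title (must be checked out separately)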



Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary.

Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need.

Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.

In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations.

If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.

Table of Contents


1. Introduction
     What Is Kerberos?
     Other Products

2. Pieces of the Puzzle
     The Three As
     Privacy and Integrity
     Kerberos Terminology and Concepts
     Putting the Pieces Together

3. Protocols
     The Needham-Schroeder Protocol
     Kerberos 4
     Kerberos 5
     The Alphabet Soup of Kerberos-Related Protocols

4. Implementation
     The Basic Steps
     Planning Your Installation
     Before You Begin
     KDC Installation
     DNS and Kerberos
     Client and Application Server Installation

5. Troubleshooting
     A Quick Decision Tree
     Debugging Tools
     Errors and Solutions

6. Security
     Kerberos Attacks
     Protocol Security Issues
     Security Solutions
     Protecting Your KDC
     Firewalls, NAT, and Kerberos

7. Applications
     What Does Kerberos Support Mean?
     Services and Keytabs
     Transparent Kerberos Login with PAM
     Mac OS X and the Login Window
     Kerberos and Web-Based Applications
     The Simple Authentication and Security Layer (SASL)
     Kerberos-Enabled Server Packages
     Kerberos-Enabled Client Packages
     More Kerberos-Enabled Packages

8. Advanced Topics
     Cross-Realm Authentication
     Using Kerberos 4 Services with Kerberos 5
     Windows Issues
     Windows and Unix Interoperability

9. Case Study
     The Organization

10. Kerberos Futures
     Public Key Extensions
     Smart Cards
     Better Encryption
     Kerberos Referrals
     Web Services

Appendix: Administration Reference


