Index
Kerberos: The Definitive Guide
Preface
Organization of This Book Conventions Used in This Book Comments and Questions Thanks...
1. Introduction
Origins
Modern History
The time-sharing model The client-server model Project Athena
What Is Kerberos? Goals Evolution
Early Kerberos (v1, v2, v3) Kerberos 4 Kerberos 5 New Directions
Other Products
DCE Globus Security Infrastructure SESAME
2. Pieces of the Puzzle
The Three As
Authentication Authorization Auditing
Directories Privacy and Integrity
Encryption Message Integrity
Kerberos Terminology and Concepts
Realms, Principals, and Instances
Service and host principals Kerberos 4 principals Kerberos 5 principals
Keys, Salts, and Passwords The Key Distribution Center
The Authentication Server The Ticket Granting Server
Tickets
The ticket (or credential) cache
Putting the Pieces Together
3. Protocols
The Needham-Schroeder Protocol Kerberos 4
The Authentication Server and the Ticket Granting Server String-to-Key Transformation The Key Version Number Password Changing
Kerberos 5
The World’s Shortest ASN.1 Tutorial The Authentication Server and the Ticket Granting Server New Encryption Options Ticket Options Kerberos 5-to-4 Ticket Translation Pre-Authentication Other Protocol Features and Extensions String-to-Key Transformation Password Changing
The Alphabet Soup of Kerberos-Related Protocols
The Generic Security Services API (GSSAPI) The Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)
4. Implementation
The Basic Steps Planning Your Installation
Choose the Platform and Operating System Choose a KDC Package
MIT Heimdal Windows domain controllers
Before You Begin KDC Installation
MIT
Building the distribution Creating your realm Starting the servers A quick test Adding slave KDCs
Heimdal
Building the distribution Creating your realm Starting the servers A quick test Adding slave KDCs
Windows Domain Controller
Creating your realm
DNS and Kerberos
Setting Up KDC Discovery Over DNS DNS Domain Name-to-Realm Mapping
Client and Application Server Installation
Unix as a Kerberos Client Mac OS X as a Kerberos Client Windows as a Kerberos Client
5. Troubleshooting
A Quick Decision Tree Debugging Tools Errors and Solutions
Errors Obtaining an Initial Ticket Unsynchronized Clocks Incorrect or Missing Kerberos Configuration Server Hostname Misconfiguration Encryption Type Mismatches
6. Security
Kerberos Attacks
Other Attacks
Protocol Security Issues
Dictionary and Brute-Force Attacks Replay Attacks Man-in-the-Middle Attacks
Security Solutions
Requiring Pre-Authentication
MIT Heimdal Windows domain controllers
Enforcing Secure Passwords
Heimdal MIT Windows domain controllers
Enforcing Password Lifetimes and History
MIT Heimdal Windows domain controllers
Protecting Your KDC
Protecting a Unix KDC Protecting a Windows Domain Controller Continual Maintenance
Firewalls, NAT, and Kerberos
Kerberos Network Ports Kerberos and NAT
Auditing
Enabling Logging
MIT Heimdal Windows domain controllers
Understanding the Logs
MIT Heimdal Windows domain controllers
7. Applications
What Does Kerberos Support Mean? Services and Keytabs Transparent Kerberos Login with PAM
Configuring PAM
Mac OS X and the Login Window Kerberos and Web-Based Applications
Building the mod_auth_kerb Apache Module Configuring mod_auth_kerb
The Simple Authentication and Security Layer (SASL)
Building the Distribution SASL Configuration Configuring saslauthd
Kerberos-Enabled Server Packages
Electronic Mail (Cyrus IMAP)
Building and configuring the distribution Testing the authentication
Directory Services (OpenLDAP)
Building, configuring, and testing the distribution
Remote Login (OpenSSH)
Building the distribution Configuring the distribution
Kerberos-Enabled Client Packages
Kerberized Secure Shell Clients Reflection X
Using existing credential caches with Reflection X
Electronic Mail
Qualcomm Eudora Apple Mail.app
More Kerberos-Enabled Packages
8. Advanced Topics
Cross-Realm Authentication
Implementing Cross-Realm Relationships
Using Kerberos 4 Services with Kerberos 5 Windows Issues
Encryption Algorithm Support Cached Login Credentials
Disabling the cached credentials feature
Windows Active Directory Authorization Field
Windows and Unix Interoperability
Using a Windows Domain Controller as a KDC for Unix Clients
Creating Unix keytabs from a Windows domain controller
Using a Non-Microsoft KDC for Windows Clients
Cross-realm trust Standalone Windows machine
9. Case Study
The Organization Planning
Planning the Kerberos Realms Existing Network Layout Kerberos KDC Planning
Implementation
Implementing UNIX.SAMPLE.COM
Building and installing the Kerberos KDC software Realm configuration files Creating the realm Setting up slave replication Installing the Kerberos software on client and application servers
Establishing Cross-Realm Relationships with SAMPLE.COM Implementing LABS.SAMPLE.COM
Building and installing the Kerberos KDC software Realm configuration files Creating the realm Installing the Kerberos software on client and application servers
Configuring Applications
10. Kerberos Futures
Public Key Extensions
Public Key Cryptography
Combining public key and symmetric key ciphers Public key cryptography key distribution
Initial Authentication (PKINIT) Cross-Realm (PKCROSS)
Smart Cards
Smart Cards and the Kerberos Protocol
Better Encryption Kerberos Referrals
User Principal Canonicalization Service Principal Canonicalization Cross-Realm Referrals
Web Services
A. Administration Reference
MIT
Connecting to kadmin Reference Section
listprincs
Reference Section
getprinc
Reference Section
addprinc
Reference Section
modprinc
Reference Section
cpw
Reference Section
delprinc
Reference Section
ktadd
Ktutil
clear list rkt addent delent wkt
Heimdal
Connecting to kadmin
list get add modify cpw delete ext_keytab
Ktutil
list add remove get
Windows Domain Controllers
Adding a principal Modifying principal attributes Changing passwords Deleting principals Adding keys into keytabs
Configuration File Format
libdefaults appdefaults realms domain_realm logging capaths
Index About the Author Colophon