Kerberos: The Network Authentication Protocol
来源:互联网 发布:上海松江3208t编程 编辑:程序博客网 时间:2024/05/16 11:00
https://web.mit.edu/kerberos/
What is Kerberos?Announcements Security Advisories Kerberos Version 4 End of Life Announcement Kerberos Releases Current release: krb5-1.15.2 Maintenance release: krb5-1.14.6 Kerberos for Windows: kfw-4.1 Historical releases of MIT krb5 Download Sources and binaries from MIT Releases in testing The krb5-current Snapshots (for developers only) Documentation Documentation for the latest release Documentation for unreleased development code How do the new US export regulations affect Kerberos? Papers about the Kerberos protocol Kerberos Y2K statement The MIT Kerberos TeamContact InformationThe MIT Kerberos ConsortiumOther Resources Mailing lists comp.protocols.kerberos newsgroup USC/ISI Kerberos Page Oak Ridge National Laboratory's "How to Kerberize your Site"
Recent News
Old news is archived.
25 Sep 2017 - krb5-1.15.2 is released
The krb5-1.15.2 source release is now available.
25 Sep 2017 - krb5-1.14.6 is released
The krb5-1.14.6 source release is now available.
What is Kerberos?
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to “sniff” passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be “honest” about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.
Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that “the bad guys” are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network — and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
Kerberos is freely available from MIT, under copyright permissions very similar those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.
In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.
All images and text on this page are copyright MIT.
MIT Kerberos [ home ] [ contact ]
- Kerberos: The Network Authentication Protocol
- 谈谈基于Kerberos的Windows Network Authentication
- The NTLM Authentication Protocol
- The NTLM Authentication Protocol
- The NTLM Authentication Protocol
- The NTLM Authentication Protocol
- Kerberos Authentication
- [转帖]谈谈基于Kerberos的Windows Network Authentication - Part I
- [原创]谈谈基于Kerberos的Windows Network Authentication - Part III
- [原创]谈谈基于Kerberos的Windows Network Authentication - Part II
- [原创]谈谈基于Kerberos的Windows Network Authentication - Part I
- 谈谈基于Kerberos的Windows Network Authentication[上篇]
- 【转】谈谈基于Kerberos的Windows Network Authentication
- 谈谈基于Kerberos的Windows Network Authentication[上篇]
- 谈谈基于Kerberos的Windows Network Authentication [中篇]
- 谈谈基于Kerberos的Windows Network Authentication[下篇]
- 谈谈基于Kerberos的Windows Network Authentication zz
- Kerberos (protocol)
- 基于Visual C++之实现Windows用户管理
- Android组件化初识
- TabLayout让文字平铺以及改变字体大小
- android事件传递全解析
- easyui的validate校验必填项,空格问题。
- Kerberos: The Network Authentication Protocol
- 获取数组中出现次数超过一半的元素
- 1.2.1 Web 资源——媒体类型(MIME)
- 23种设计模式之责任链模式
- Snackbar使用详解
- Android 布局框架
- R_相关关系可视化
- 信号量
- Redis Java Client Jedis