Why Kerberos? Presented by Beth Lynn Eicher CPLUG Security Conference March 5, 2005 Released Under The Creative Commons Attribution-NonCommercial-ShareAlike.


1 Why Kerberos? Presented by Beth Lynn Eicher CPLUG Security Conference March 5, 2005 Released Under The Creative Commons Attribution-NonCommercial-ShareAlike License. Some Rights Reserved

2 Kerberos IS...

3 The mythical character

4 A Network Authentication Protocol ● MIT took an idea from Xerox: “The Needham-Schroeder Protocol” ● Centralized, single sign-on, encrypted logins

5 Kerberos is everywhere ● Required for OpenAFS ● With Heimdal (from Sweden) you can use Kerberos anywhere ● Becoming a built-in option: Microsoft Active Directory, LDAP, Fedora Core (PAM)

6 Yes, you can use telnet again If you “kerberize” your service, you can use services that otherwise pass your passwords in the clear.

7 Allows many methods of authentication...

8 Something that you know Your password

9 Something that you have... Your SecurID

10 Something that you are... Bio-authentication

11 Since there are multiple ways of authenticating... Let's just call it secret

12 Provides the 3 A's ● Authentication – verifying secrets ● Authorization – control access ● Auditing – logging

13 NOT to be confused with...

14 Fluffy from Harry Potter

15 A directory service ● Kerberos doesn't know your full name, your favorite shell, or your home address ● Use LDAP or NIS(+) WITH Kerberos

16 Kerberos does encrypt your password... ● But what you assume to be Kerberos may not be Kerberos if your system has been exploited! ● Be aware of trojans and keystroke logging

17 My principal

18 My principal 's service instances ● ● ●

19 My 's administrative instances ● ● ●

20 Single Sign-On 1) I log in to my desktop 2) After that initial login I'm given a ticket 3) I can ssh/telnet to other machines on the network without typing a password again! My password is not cached or resent. My ticket allows me to request more tickets.

21 When I want to be root ● I authenticate with my password ● Now I have full root privileges on the local host ● I can also use this ticket to ssh/telnet to other machines and be root on them too

22 What I didn't tell you ● How Kerberos works ● MIT vs Heimdal ● Who is Cerberus? ● How to configure Kerberos ● How OpenAFS uses Kerberos

23 O'Reilly to the Rescue ● “Kerberos: The Definitive Guide” by Jason Garman ● The Owl book ● $34.95

24 Thanks!

