HP CIFS Client A.02.01 Administrator's Guide

CIFS Security and Authentication
Introduction To Kerberos
Kerberos is a distributed authentication service that allows a process (a
client) running on behalf of a principal (a user) to prove its identity to a
verifier (an application server, or only a server) without sending data
across the network that might allow an attacker or the verifier to
subsequently impersonate the principal. Kerberos optionally provides
integrity and confidentiality for data sent between the client and server.
[B. Clifford Neuman, Theodore Ts’o: Kerberos: An Authentication Service
for Computer Networks]
Kerberos was developed at the Massachusetts Institute of Technology
(MIT).
Use of Kerberos in the CIFS environment provides significant security
improvements over the older NT LanManager (NTLM) protocol
traditionally used by CIFS Clients and Servers.
Requirements and Limitations Using Kerberos
Kerberos Key Distribution Center and CIFS Servers
The HP CIFS Client supports only Windows 2000 and Windows 2003
Key Distribution Centers (KDCs).
Tickets Not Acquired
For this release, the following ticket types are not acquired by the HP
CIFS Client:
Renewable
Proxiable
Forwardable
NOTE: Cross-realm authentication is not supported in this release.