Kerberos White Paper
Executive Summary
This white paper provides a high-level description of the Kerberos protocol. The paper includes
detailed information about important concepts and features of Kerberos authentication. The first
section provides basic information about Kerberos authentication. Following this introduction to the
protocol are several sections with details of how HP has implemented the Kerberos authentication
protocol.
HP-UX supports the following Kerberos suite of products on the HP-UX 11.0, 11i v1, and 11i v2
operating systems:
Pluggable Authentication Module Kerberos (PAM-Kerberos)
Kerberos Client Software
HP Kerberos Server
Generic Security Service Application Programming Interface (GSS-API)
Secure Internet Services (SIS)
HP-UX Secure Shell (SSH)
The subsequent sections of this document discuss these in detail.
The paper concludes with a brief discussion of Kerberos protocol interoperability with other systems.
Problem Statement
The Internet is a vast network that connects millions of people from all corners of the globe to each
other every day. In such a network, information can be lost, stolen, corrupted, or misused. Another
drawback of the Internet is that it is difficult for individuals to prove their identity to one another.
Confidentiality is very important for some types of information, such as banking and medical records.
It is therefore important that a user who wants to access this kind of information online be able to
prove that he or she is who he or she claims to be. This process is called authentication, and
Kerberos plays a major role in it.
Traditionally, a process called authentication by assertion was used. Authentication by assertion
works as follows:
When a user runs a program that accesses a network service, the program (called the client) asserts
to the service that it is running on behalf of the user. This provides a very low level of security.
Consider the example of Berkeley rlogin. If a user uses rlogin to reach an account under his own name
on another machine, and the user's .rhosts file on that machine is set up to trust him, the rlogin
program asserts the user's identity to the rlogin daemon on the remote machine, and the daemon does
not require a password for login. The daemon trusts the asserted user name and the originating host;
nothing proves the identity. This becomes disastrous if an attacker is able either to convince the
rlogin program that he or she is the legitimate user, or to write a modified version of rlogin that
asserts that identity to the remote machine.
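The following is an added example, not part of the original white paper, that models the rlogin trust check just described in order to show where authentication by assertion breaks. The .rhosts grammar modelled here (one "host [user]" pair per line, "+" as a wildcard, "#" comments) follows the classic BSD format; netgroups and negative ("-") entries are left out. The host names, user names and .rhosts contents are constructed for the illustration, and rlogind_accepts is a simplified stand-in for the daemon's check, not HP-UX's rlogind code.

```python
# Added example (not from the HP white paper): a model of the Berkeley rlogin
# trust check. The daemon side only consults the target account's ~/.rhosts for
# a (client host, remote user) pair. The remote user name is a string the
# client program sends; it is asserted, never proven.
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class RhostsEntry:
    host: str          # trusted client host, or "+" for any host
    user: str | None   # remote user name, "+" for any user, None = same as local account


def parse_rhosts(text: str) -> list[RhostsEntry]:
    """Parse the contents of a ~/.rhosts file into entries (BSD "host [user]" lines)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blank lines
        if not line:
            continue
        parts = line.split()
        # A line with only a host name trusts the remote user with the same name
        # as the local account.
        entries.append(RhostsEntry(parts[0], parts[1] if len(parts) > 1 else None))
    return entries


def rlogind_accepts(rhosts: list[RhostsEntry], local_user: str,
                    client_host: str, asserted_user: str) -> bool:
    """The daemon's question: is (client_host, asserted_user) trusted for local_user?

    client_host is derived from the connection; asserted_user is whatever the
    client claimed. Nothing here verifies that claim, which is the whole weakness.
    """
    for entry in rhosts:
        host_ok = entry.host == "+" or entry.host.lower() == client_host.lower()
        wanted = local_user if entry.user is None else entry.user
        user_ok = wanted == "+" or wanted == asserted_user
        if host_ok and user_ok:
            return True
    return False


def risky_entries(rhosts: list[RhostsEntry]) -> list[RhostsEntry]:
    """Audit check: entries that trust any host, or any user from a host."""
    return [e for e in rhosts if e.host == "+" or e.user == "+"]


# Constructed sample: alice's ~/.rhosts on host2 (assumed names, not from the paper).
RHOSTS_ALICE = """\
host1.example.com          # alice on host1 may log in as alice, no password
host3.example.com bob      # bob on host3 may log in as alice
"""

if __name__ == "__main__":
    entries = parse_rhosts(RHOSTS_ALICE)
    # Legitimate use: alice on host1 runs rlogin, which asserts "alice".
    print(rlogind_accepts(entries, "alice", "host1.example.com", "alice"))    # True
    # mallory on host1 runs a modified rlogin that asserts "alice" instead of
    # her own name. The daemon sees exactly the same request and accepts it.
    print(rlogind_accepts(entries, "alice", "host1.example.com", "alice"))    # True
    # Honest assertion from an untrusted user or host is refused.
    print(rlogind_accepts(entries, "alice", "host1.example.com", "mallory"))  # False
    print(rlogind_accepts(entries, "alice", "host4.example.com", "alice"))    # False
    # "+ +" trusts everyone everywhere; the audit check flags it.
    print(risky_entries(parse_rhosts("+ +\nhost1.example.com")))
```

The two True lines are the point: the daemon cannot distinguish alice's genuine rlogin from a modified client run by someone else on the same trusted host, because both present the same asserted name from the same source host. The risky_entries check is the kind of audit a practitioner would run over .rhosts and hosts.equiv files before trusting this mechanism at all.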
An alternative is to require a user to enter a password each time he or she accesses a network
service. This is time-consuming, and it is also insecure when users access services on a remote
machine: when a user is logged in to a remote machine and from there logs in to another remote
machine, the password travels across the network unencrypted.
Kerberos fixes these problems because it provides single sign-on, which lets a user log in once and
access multiple systems or applications without entering the user name and password multiple
times. In addition, Kerberos is designed so that entities have to authenticate themselves by