The MIT Kerberos Administrator’s How
Protocol, Installation and Single Sign On
First part - Introducing Kerberos
In the real world, identification is something we, as human beings, do naturally: through physical appearance, voice patterns, or even scent. It is based on the assumption that those attributes are unique, and that they can be trusted. This ability lets us distinguish one person from another.

However, when we are not able to use those attributes to identify someone, as in a phone call for example, we have to find some other means to prove our identity. We sometimes identify ourselves with what is called a "shared secret", where one party asks the other party to prove its identity through information that is known only to both, like a password.

When we add a computer to this mechanism, with an identification that needs to be provided over a network, things become a little more complex. Sending this "shared secret", or password, over an unsecured network can be compared to shouting your password in a crowded room.

Many authentication mechanisms were developed during the last decade to solve those problems; Kerberos is one of them. It is often seen as an advanced system that offers many advantages over commonly used setups, such as distributed authentication based on the Network Information Service (NIS). This white paper is intended to introduce, describe, and explain a Kerberos environment, and how to deploy such a system for maximum efficiency with Single Sign On (SSO).
Unix historical authentication and authorization system: NIS
Today, NIS remains the system of choice for network authentication and authorization, where it is used in an environment that consists of a server (containing all the necessary directory services, like
), and clients, which need this information to allow (or deny) access to certain persons. NIS (and its successor, NIS+) were developed with "central authentication" in mind: administrators have the possibility to create realm accounts and, with the help of file sharing systems (like NFS), share profiles over an entire network. NIS is easy to set up and manage, which is what makes it so popular. However, it remains fundamentally flawed on the security front. For example, NIS communications are cleartext based. Even unprivileged users are able to display the content of the passwd database, through yp (yellow pages) commands such as ypcat. NIS does not provide any kind of Single Sign On mechanism, that is, the ability to securely store authenticators on the client so that the user does not have to re-enter a password when accessing services (file sharing, intranet, mail, ...).

All in all, on the authentication side, NIS has some flaws that Kerberos solves with its own implementation. Those flaws are:

1. No secure propagation of user authenticators. Given some time, anyone using a sniffer is able to collect all the cleartext or hashed passwords propagated over the network, and a captured hash can then be cracked offline. With Kerberos, the password never crosses the network, even on first login: the client uses it locally to derive a key, and only proof of possession of that key is sent to the authentication server.
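The first flaw, as an added toy model that is not code from this paper or from MIT Kerberos. It mimics two real Kerberos building blocks, string-to-key (RFC 3962: PBKDF2-HMAC-SHA1 with salt = realm + principal name, 4096 iterations by default) and encrypted-timestamp pre-authentication (PA-ENC-TIMESTAMP), but an HMAC tag stands in for the AES encryption of the timestamp because the Python standard library has no AES, and a plain SHA-256 stands in for the crypt(3) hash in the NIS passwd map. The realm `EXAMPLE.COM`, the user `alice`, the password, the timestamps and the "wire" list a sniffer reads are all constructed for the example.

```python
"""Toy model: NIS ships password hashes in cleartext, Kerberos sends only
proof of knowledge of a key derived from the password.  Added illustration,
not MIT Kerberos code.  HMAC stands in for AES, SHA-256 for crypt(3)."""
import hashlib
import hmac

REALM = "EXAMPLE.COM"     # assumed realm, not from the paper
CLOCK_SKEW = 300          # seconds; MIT KDC default tolerance is 5 minutes
ITERATIONS = 4096         # RFC 3962 default for AES enctypes


def string_to_key(password: str, principal: str, realm: str) -> bytes:
    """Derive the long-term key from the password; the KDC stores only this."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, dklen=16)


def enc_timestamp(key: bytes, timestamp: int) -> bytes:
    """Stand-in for the encrypted timestamp: a MAC only the key holder can make."""
    return hmac.new(key, timestamp.to_bytes(8, "big"), hashlib.sha256).digest()


class KDC:
    """Holds derived keys (as the real KDC database does), never passwords."""

    def __init__(self, now: int):
        self.keys = {}           # principal -> derived key
        self.replay_cache = set()
        self.now = now           # KDC clock, injectable for the example

    def add_principal(self, principal: str, password: str) -> None:
        self.keys[principal] = string_to_key(password, principal, REALM)

    def as_req(self, msg: dict) -> str:
        """Handle an AS-REQ carrying PA-ENC-TIMESTAMP; return an error code or 'TGT'."""
        key = self.keys.get(msg["cname"])
        if key is None:
            return "KDC_ERR_C_PRINCIPAL_UNKNOWN"
        if not hmac.compare_digest(enc_timestamp(key, msg["timestamp"]), msg["padata"]):
            return "KDC_ERR_PREAUTH_FAILED"       # wrong password => wrong key
        if abs(self.now - msg["timestamp"]) > CLOCK_SKEW:
            return "KRB_AP_ERR_SKEW"              # stale: a captured request is useless later
        if (msg["cname"], msg["timestamp"]) in self.replay_cache:
            return "KRB_AP_ERR_REPEAT"            # same request already accepted
        self.replay_cache.add((msg["cname"], msg["timestamp"]))
        return "TGT"                               # success: ticket-granting ticket issued


def kerberos_login(principal: str, password: str, now: int, wire: list) -> dict:
    """Client side: derive the key locally and send proof, never the password."""
    key = string_to_key(password, principal, REALM)
    msg = {"cname": principal, "timestamp": now, "padata": enc_timestamp(key, now)}
    wire.append(msg)                               # everything a sniffer can see
    return msg


def nis_fetch_passwd(passwd_map: dict, wire: list) -> dict:
    """NIS: 'ypcat passwd' returns the whole map, hashes included, in cleartext."""
    reply = dict(passwd_map)
    wire.append(reply)
    return reply


def sniffer_sees(wire: list, secret: bytes) -> bool:
    """True if the secret appears verbatim in any captured message."""
    return any(secret in (v if isinstance(v, bytes) else str(v).encode())
               for msg in wire for v in msg.values())


def demo() -> dict:
    password, user, now = "correct horse", "alice", 1_700_000_000   # constructed
    wire = []
    # NIS side: the stored hash itself crosses the network
    nis_hash = hashlib.sha256(password.encode()).hexdigest()
    nis_fetch_passwd({user: nis_hash}, wire)
    nis_leak = sniffer_sees(wire, nis_hash.encode())
    # Kerberos side
    kdc = KDC(now)
    kdc.add_principal(user, password)
    req = kerberos_login(user, password, now, wire)
    login = kdc.as_req(req)
    bad = kdc.as_req(kerberos_login(user, "wrong", now + 1, wire))
    replay = kdc.as_req(req)                       # attacker resends the captured AS-REQ
    kdc.now = now + 2 * CLOCK_SKEW                 # later: the capture is outside the skew window
    stale = kdc.as_req(kerberos_login(user, password, now, wire))
    return {
        "nis_hash_on_wire": nis_leak,
        "krb_password_on_wire": sniffer_sees(wire, password.encode()),
        "krb_key_on_wire": sniffer_sees(wire, kdc.keys[user]),
        "login": login, "wrong_password": bad, "replay": replay, "stale": stale,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point a practitioner should take from the model is the KDC side: it keeps only the output of string-to-key, and a sniffer capturing the AS-REQ gets a principal name, a timestamp and a tag. What the capture still enables is an offline guess of the password against that tag, which is why the real protocol pairs encrypted-timestamp pre-authentication with strong passwords or a pre-authentication mechanism such as PKINIT; the clock-skew and replay checks in the model are what stop the capture from being replayed.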