Difference between revisions of "Kerberos"
[1] https://linux.die.net/man/5/krb5.conf
[2] https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
[3] https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
Tags: Mobile web edit, Mobile edit |
|||
(14 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[wikipedia:Kerberos (protocol)|Kerberos]] is a computer-network [[authentication protocol]] that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses [[UDP]] port 88 by default | [[wikipedia:Kerberos (protocol)|Kerberos]] is a computer-network [[authentication protocol]] that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses [[UDP]] port 88 by default | ||
− | At least two implementations are available, [Heimdal]( https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/). | + | At least two implementations are available, [Heimdal]( https://www.h5l.org/) and ([[MIT]])(https://web.mit.edu/kerberos/). |
[[OpenSSH]] implements Kerberos support [[OpenSSH release notes|since early versions]]. | [[OpenSSH]] implements Kerberos support [[OpenSSH release notes|since early versions]]. | ||
− | * Binaries: <code>ktutil</code>, <code>klist</code>, <code>kinit</code> | + | * Binaries: <code>[[ktutil]]</code>, <code>[[klist]]</code>, <code>[[kinit]]</code> |
− | |||
− | |||
A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides. | A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides. | ||
+ | == Configuration files == | ||
+ | * <code>[[/etc/krb5.conf]]</code><ref>https://linux.die.net/man/5/krb5.conf</ref> | ||
− | + | == Commands == | |
− | == | + | * <code>[[kinit admin]]</code> |
− | * <code> | + | * <code>[[klist]]</code> |
== Activities == | == Activities == | ||
− | # Install Kerberos KDC Server and Client in Linux: <code>apt install krb5-kdc krb5-admin-server krb5-config -y</code><ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref> | + | # Install Kerberos [[KDC]] Server and Client in Linux: <code>apt install krb5-kdc krb5-admin-server krb5-config -y</code><ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref> |
# Understand why [[time synchronization]] and [[Domain Name System|DNS]] plays an important role in order to work KDC properly<ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref> | # Understand why [[time synchronization]] and [[Domain Name System|DNS]] plays an important role in order to work KDC properly<ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref> | ||
# Read about SPNEGO | # Read about SPNEGO | ||
− | |||
== Related terms == | == Related terms == | ||
* [[FreeIPA]] | * [[FreeIPA]] | ||
− | * kpasswd port [[464]] | + | * <code>[[kpasswd]]</code> port [[464]] |
+ | * [[SPAKE]] | ||
+ | * [[PKINIT]] | ||
+ | * [[Windows Remote Management (WinRM)]] | ||
+ | * [[Amazon RDS]] | ||
== See also == | == See also == | ||
+ | * {{pam_krb5}} | ||
* {{kerberos}} | * {{kerberos}} | ||
* {{AAA}} | * {{AAA}} | ||
− | |||
[[Category:security]] | [[Category:security]] |
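Review bot: The implementations line in the new revision still uses Markdown link syntax, and changing [MIT](…) to ([[MIT]])(…) leaves stray parentheses and a bare URL in the rendered page; the Heimdal link on the same line has the same problem plus a space after its opening parenthesis. MediaWiki external links take the form [https://www.h5l.org/ Heimdal] and [https://web.mit.edu/kerberos/ MIT]. In the new Commands section, [[kinit admin]] links to a page titled "kinit admin" rather than to kinit; [[kinit]] admin would link the command and keep the argument as plain text.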
Latest revision as of 12:19, 21 September 2023
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses UDP port 88 by default.
At least two implementations are available, Heimdal (https://www.h5l.org/) and MIT (https://web.mit.edu/kerberos/).
OpenSSH implements Kerberos support since early versions.
- Binaries: ktutil, klist, kinit
A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always, the upper-case version of the name of the DNS domain over which it presides.
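The realm-versus-DNS-domain relationship described above can be checked against the [domain_realm] section of /etc/krb5.conf. The following is an added example, not part of the original page: it is a simplified model of the lookup documented in the krb5.conf man page (exact host entries, then leading-dot domain entries from most to least specific, then the upper-cased domain part), leaving out KDC referrals and realm_try_domains. The sample file, host names, realm names and function names are all constructed for illustration.

```python
# Constructed sample krb5.conf; every realm and host name here is made up.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[domain_realm]
    .example.com = EXAMPLE.COM
    .lab.example.com = LAB.EXAMPLE.COM
    legacy.example.com = OLDCORP.TEST
"""


def parse_domain_realm(text):
    """Return the [domain_realm] section as a {lower-case name: realm} dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping


def realm_for_host(hostname, mapping):
    """Resolve a host name to (realm, reason) using the simplified lookup."""
    host = hostname.rstrip(".").lower()
    if host in mapping:                       # exact host entry wins
        return mapping[host], "host entry"
    labels = host.split(".")
    for i in range(1, len(labels)):           # most specific domain first
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix], "domain entry " + suffix
    domain = ".".join(labels[1:])
    if domain:                                # no entry: upper-cased domain part
        return domain.upper(), "upper-cased domain fallback"
    return None, "no domain part"


if __name__ == "__main__":
    table = parse_domain_realm(SAMPLE_KRB5_CONF)
    for h in ("web.example.com", "db.lab.example.com",
              "legacy.example.com", "host.other.org"):
        print(h, "->", realm_for_host(h, table))
```

The legacy.example.com entry is the "not always" case: its realm is unrelated to its DNS domain, so a client without that mapping would request tickets from the wrong realm.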
Configuration files
- /etc/krb5.conf[1]
Commands
- kinit admin
- klist
Activities
- Install Kerberos KDC Server and Client in Linux: apt install krb5-kdc krb5-admin-server krb5-config -y [2]
- Understand why time synchronization and DNS play an important role in making the KDC work properly[3]
- Read about SPNEGO
Related terms
- FreeIPA
- kpasswd port 464
- SPAKE
- PKINIT
- Windows Remote Management (WinRM)
- Amazon RDS
See also
- pam_krb5
- AAA, Kerberos, KDC, kinit, klist, ktutil, /etc/krb5.conf, krb5-workstation, pam_krb5
- AAA: Authc, Authz, Password policy, OAuth, OpenID, OIDC, LDAP, RADIUS, TACACS+, XTACACS, SAML, Secure LDAP, IEEE 802.1X, CHAP, RBAC, MFA, SCIM, Amazon Cognito