Difference between revisions of "Kerberos"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[[wikipedia:Kerberos (protocol)|Kerberos]] is a computer-network [[authentication protocol]] that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses [[UDP]] port 88 by default
 
[[wikipedia:Kerberos (protocol)|Kerberos]] is a computer-network [[authentication protocol]] that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses [[UDP]] port 88 by default
  
At least two implementations are available,  [Heimdal]( https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/).
+
At least two implementations are available,  [Heimdal]( https://www.h5l.org/) and ([[MIT]])(https://web.mit.edu/kerberos/).
  
 
[[OpenSSH]] implements Kerberos support [[OpenSSH release notes|since early versions]].
 
[[OpenSSH]] implements Kerberos support [[OpenSSH release notes|since early versions]].
  
* Binaries: <code>ktutil</code>, <code>klist</code>, <code>kinit</code>
+
* Binaries: <code>[[ktutil]]</code>, <code>[[klist]]</code>, <code>[[kinit]]</code>
 
 
 
 
  
 
A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides.
 
A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides.
  
 +
== Configuration files ==
 +
* <code>[[/etc/krb5.conf]]</code><ref>https://linux.die.net/man/5/krb5.conf</ref>
  
 
+
== Commands ==
== Configuration files ==
+
* <code>[[kinit admin]]</code>
* <code>/etc/[[krb5.conf]]</code><ref>https://linux.die.net/man/5/krb5.conf</ref>
+
* <code>[[klist]]</code>
  
 
== Activities ==
 
== Activities ==
# Install Kerberos KDC Server and Client in Linux: <code>apt install krb5-kdc krb5-admin-server krb5-config -y</code><ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref>
+
# Install Kerberos [[KDC]] Server and Client in Linux: <code>apt install krb5-kdc krb5-admin-server krb5-config -y</code><ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref>
 
# Understand why [[time synchronization]] and [[Domain Name System|DNS]] plays an important role in order to work KDC properly<ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref>
 
# Understand why [[time synchronization]] and [[Domain Name System|DNS]] plays an important role in order to work KDC properly<ref>https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04</ref>
 
# Read about SPNEGO
 
# Read about SPNEGO
 
  
 
== Related terms ==
 
== Related terms ==
 
* [[FreeIPA]]
 
* [[FreeIPA]]
* kpasswd port [[464]]
+
* <code>[[kpasswd]]</code> port [[464]]
 +
* [[SPAKE]]
 +
* [[PKINIT]]
 +
* [[Windows Remote Management (WinRM)]]
 +
* [[Amazon RDS]]
  
 
== See also ==  
 
== See also ==  
 +
* {{pam_krb5}}
 
* {{kerberos}}
 
* {{kerberos}}
 
* {{AAA}}
 
* {{AAA}}
* [[OpenSSH]]: <code>[[ssh-keygen]]</code>
 
  
 
[[Category:security]]
 
[[Category:security]]

Latest revision as of 12:19, 21 September 2023

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses UDP port 88 by default

At least two implementations are available, [Heimdal]( https://www.h5l.org/) and (MIT)(https://web.mit.edu/kerberos/).

OpenSSH implements Kerberos support since early versions.

A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides.

Configuration files[edit]

Commands[edit]

Activities[edit]

  1. Install Kerberos KDC Server and Client in Linux: apt install krb5-kdc krb5-admin-server krb5-config -y[2]
  2. Understand why time synchronization and DNS plays an important role in order to work KDC properly[3]
  3. Read about SPNEGO

Related terms[edit]

See also[edit]

  • https://linux.die.net/man/5/krb5.conf
  • https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
  • https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
  • Advertising: