Difference between revisions of "Kerberos"
Jump to navigation
Jump to search
↑ https://linux.die.net/man/5/krb5.conf
↑ https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
↑ https://linuxconfig.org/how-to-install-kerberos-kdc-server-and-client-on-ubuntu-18-04
Tags: Mobile web edit, Mobile edit |
|||
| Line 26: | Line 26: | ||
* [[SPAKE]] | * [[SPAKE]] | ||
* [[PKINIT]] | * [[PKINIT]] | ||
| + | * [[Windows Remote Management (WinRM)]] | ||
== See also == | == See also == | ||
Revision as of 08:36, 10 August 2020
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos uses UDP port 88 by default
At least two implementations are available, [Heimdal]( https://www.h5l.org/) and (MIT)(https://web.mit.edu/kerberos/).
OpenSSH implements Kerberos support since early versions.
A Kerberos realm is the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service. A realm name is often, but not always the upper case version of the name of the DNS domain over which it presides.
Configuration files
Commands
Activities
- Install Kerberos KDC Server and Client in Linux:
apt install krb5-kdc krb5-admin-server krb5-config -y[2] - Understand why time synchronization and DNS plays an important role in order to work KDC properly[3]
- Read about SPNEGO
Related terms
- FreeIPA
- kpasswd port 464
- SPAKE
- PKINIT
- Windows Remote Management (WinRM)
See also
- AAA, Kerberos, KDC,
kinit, klist, ktutil, /etc/krb5.conf, krb5-workstation, pam_krb5 - AAA: Authc, Authz, Password policy, OAuth, OpenID, OIDC, LDAP, RADIUS, TACACS+, XTACACS, SAML, Secure LDAP, IEEE 802.1X, CHAP, RBAC, MFA, SCIM, Amazon Cognito
- OpenSSH:
ssh-keygen
Advertising:
