Chapter 18. Kerberos

System security and integrity within a network can be unwieldy. It can occupy the time of several administrators just to keep track of what services are being run on a network and the manner in which these services are used. Moreover, authenticating users to network services can prove dangerous when the method used by the protocol is inherently insecure, as evidenced by the transfer of unencrypted passwords over a network under the FTP and Telnet protocols. Kerberos is a way to eliminate the need for protocols that allow unsafe methods of authentication, thereby enhancing overall network security.

18.1. What is Kerberos?

Kerberos is a network authentication protocol created by MIT which uses symmetric-key cryptography¹ to authenticate users to network services — eliminating the need to send passwords over the network. When users authenticate to network services using Kerberos, unauthorized users attempting to gather passwords by monitoring network traffic are effectively thwarted.

18.1.1. Advantages of Kerberos

Most conventional network services use password-based authentication schemes. Such schemes require a user to authenticate to a given network server by supplying their user name and password. Unfortunately, the transmission of authentication information for many services is unencrypted. For such a scheme to be secure, the network has to be inaccessible to outsiders, and all computers and users on the network must be trusted and trustworthy.

Even if this is the case, once a network is connected to the Internet, it can no longer be assumed that the network is secure. Any attacker who gains access to the network can use a simple packet analyzer, also known as a packet sniffer, to intercept usernames and passwords sent in this manner, compromising user accounts and the integrity of the entire security infrastructure.

The primary design goal of Kerberos is to eliminate the transmission of unencrypted passwords across the network. If used properly, Kerberos effectively eliminates the threat packet sniffers would otherwise pose on a network.

18.1.2. Disadvantages of Kerberos

Although Kerberos removes a common and severe security threat, it may be difficult to implement for a variety of reasons:

• Migrating user passwords from a standard UNIX password database, such as /etc/passwd or /etc/shadow, to a Kerberos password database can be tedious, as there is no automated mechanism to perform this task. For more information, refer to question number 2.23 in the online Kerberos FAQ:
  http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html

• Kerberos has only partial compatibility with the Pluggable Authentication Modules (PAM) system used by most Red Hat Enterprise Linux servers. For more information about this issue, refer to Section 18.4 Kerberos and PAM.

1. A system where both the client and the server share a common key that is used to encrypt and decrypt network communication.
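To make the claim in Section 18.1 concrete, here is an added Python sketch (not code from the Red Hat guide or from MIT Kerberos) of the password-free principle behind Kerberos's initial exchange: the KDC stores only a key derived from the password, seals a fresh session key under that key, and the client proves it knows the password by decrypting the reply locally, so a packet sniffer never sees the password itself. The toy cipher, the realm and principal names, and the password are constructed stand-ins; real Kerberos uses its own encryption types and the reply also carries a ticket-granting ticket.

```python
import hashlib, hmac, secrets

def string_to_key(password: str, salt: str) -> bytes:
    # Kerberos derives the user's long-term key from the password plus a salt built
    # from realm and principal; PBKDF2 stands in here for the real string-to-key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode (not a real Kerberos enctype).
    blocks, i = [], 0
    while 32 * len(blocks) < n:
        blocks.append(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Output is nonce || ciphertext || tag; the tag lets the receiver detect a wrong key.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key, i.e. wrong password")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    # Key Distribution Center: holds only password-derived keys, never passwords.
    def __init__(self, realm: str) -> None:
        self.realm, self.db = realm, {}
    def add_principal(self, name: str, password: str) -> None:
        self.db[name] = string_to_key(password, self.realm + name)
    def as_reply(self, name: str) -> bytes:
        # Simplified AS-REP: a fresh session key sealed under the user's long-term key
        # (a real reply also carries a ticket-granting ticket for the TGS).
        return encrypt(self.db[name], secrets.token_bytes(32))

def client_login(kdc: KDC, name: str, password: str, wire: list) -> bytes:
    # `wire` collects every message a packet sniffer on the network would see.
    wire.append(("AS-REQ", name.encode()))
    reply = kdc.as_reply(name)
    wire.append(("AS-REP", reply))
    # The client re-derives its key locally; only the right password opens the reply.
    return decrypt(string_to_key(password, kdc.realm + name), reply)

def password_on_wire(wire: list, password: str) -> bool:
    return any(password.encode() in payload for _, payload in wire)
```

Contrast this with Telnet or FTP, where the same sniffer view would contain the password in clear.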