Kerberos

Or: Mutual authentication, for a mutually sketchy world

Kerberos redefines traditional concepts of user authentication by authenticating not only the client, but also the server in the transaction. Unfortunately, it also makes your KDCs really attractive targets to attack, so it's important that these machines be single-purpose and well secured.

At this point, you're probably thinking "wow, that sounds hard". Well, I thought so too, until I tried it.

I'll be adding more to this as I rebuild the KDC in a production environment.

Unless otherwise noted, all content is copyright Marc Dougherty and is subject to a Creative Commons license.