Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need. Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting. In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations. If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.
Customer Reviews:
Avg. Customer Rating: 4.0 / 5.0
Will Get You Up and Running (1stEd):
First I would like to justify my 5 star rating. This book helped me out of a nasty multi-homed host and DNS problem when no other source could. Without this book I would have been troubleshooting this issue for days. I feel the book has paid for itself. However, I wouldn't consider this "The Definitive Guide." It lacks documentation on the krb5.conf configuration file. I found myself referencing the krb5.conf(5) man page for additional info. Also, the documentation that comes with Heimdal is a very... more info
Good Starting Point:
This has very superb explanations about the Kerberos authentication concepts. As a Windows system administrator, this has helped me immensely in understanding what's under the hood of Active Directory. In delving into Windows-Linux interoperability experiments, this book was invaluable in presenting different scenarios. I decided to be bold and try have Linux directly authenticate to Windows Server 2003 KDC using information from Chapter 8 "Advanced Topics". I was able to learn the concepts and get... more info
Kerberos intimidates a lot of people, don't be one of them:
I got started using Kerberos many moons ago, at my university. This is probably how many people got to know about it. While I didn't use it very much, it's there that I learned the basics and experimented a bit with Kerberos. Interest in it took off after Microsoft incorporated Kerberos authentication mechanisms into Windows 2000. Suddenly it wasn't such arcane knowledge. Two open source Kerberos implementations exist, the MIT reference implementation, and the Heimdal Kerberos implementation. Even... more info
Reasonably thorough introduction and guide, but needs updated:
Like most O'Reilly titles, this book covers the general topics one needs to be conversant in a given topic. Take what you read, do a few web searches, experiment with the technology, discuss the concepts with others - this book will give you a solid foundation to get started. Moreover, like other O'Reilly topics one can see errata, etc. on the O'Reilly website. This book easily meets the high expectations one has of a book from this publisher: conversational tone, lots of hands-on examples, and broad... more info
