aboutsummaryrefslogtreecommitdiff
path: root/network/krb5/README.krb5
diff options
context:
space:
mode:
Diffstat (limited to 'network/krb5/README.krb5')
-rw-r--r--network/krb5/README.krb552
1 files changed, 52 insertions, 0 deletions
diff --git a/network/krb5/README.krb5 b/network/krb5/README.krb5
new file mode 100644
index 0000000000000..72c522b6a7fe1
--- /dev/null
+++ b/network/krb5/README.krb5
@@ -0,0 +1,52 @@
+Kerberos is a network authentication protocol. It is designed to
+provide strong authentication for client/server applications by using
+secret-key cryptography. A free implementation of this protocol is
+available from the Massachusetts Institute of Technology. Kerberos is
+available in many commercial products as well.
+
+The Internet is an insecure place. Many of the protocols used in the
+Internet do not provide any security. Tools to "sniff" passwords off
+of the network are in common use by malicious hackers. Thus,
+applications which send an unencrypted password over the network are
+extremely vulnerable. Worse yet, other client/server applications rely
+on the client program to be "honest" about the identity of the user
+who is using it. Other applications rely on the client to restrict its
+activities to those which it is allowed to do, with no other
+enforcement by the server.
+
+Some sites attempt to use firewalls to solve their network security
+problems. Unfortunately, firewalls assume that "the bad guys" are on
+the outside, which is often a very bad assumption. Most of the really
+damaging incidents of computer crime are carried out by insiders.
+Firewalls also have a significant disadvantage in that they restrict
+how your users can use the Internet. (After all, firewalls are simply
+a less extreme example of the dictum that there is nothing more secure
+then a computer which is not connected to the network --- and powered
+off!) In many places, these restrictions are simply unrealistic and
+unacceptable.
+
+Kerberos was created by MIT as a solution to these network security
+problems. The Kerberos protocol uses strong cryptography so that a
+client can prove its identity to a server (and vice versa) across an
+insecure network connection. After a client and server has used
+Kerberos to prove their identity, they can also encrypt all of their
+communications to assure privacy and data integrity as they go about
+their business.
+
+Kerberos is freely available from MIT, under copyright permissions
+very similar those used for the BSD operating system and the X Window
+System. MIT provides Kerberos in source form so that anyone who wishes
+to use it may look over the code for themselves and assure themselves
+that the code is trustworthy. In addition, for those who prefer to
+rely on a professionally supported product, Kerberos is available as a
+product from many different vendors.
+
+In summary, Kerberos is a solution to your network security problems.
+It provides the tools of authentication and strong cryptography over
+the network to help you secure your information systems across your
+entire enterprise. We hope you find Kerberos as useful as it has been
+to us. At MIT, Kerberos has been invaluable to our
+Information/Technology architecture.
+
+Additional information is available from the MIT Kerberos website:
+http://web.mit.edu/kerberos/