diff options
Diffstat (limited to 'network/krb5/README.krb5')
-rw-r--r-- | network/krb5/README.krb5 | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/network/krb5/README.krb5 b/network/krb5/README.krb5 new file mode 100644 index 0000000000000..72c522b6a7fe1 --- /dev/null +++ b/network/krb5/README.krb5 @@ -0,0 +1,52 @@ +Kerberos is a network authentication protocol. It is designed to +provide strong authentication for client/server applications by using +secret-key cryptography. A free implementation of this protocol is +available from the Massachusetts Institute of Technology. Kerberos is +available in many commercial products as well. + +The Internet is an insecure place. Many of the protocols used in the +Internet do not provide any security. Tools to "sniff" passwords off +of the network are in common use by malicious hackers. Thus, +applications which send an unencrypted password over the network are +extremely vulnerable. Worse yet, other client/server applications rely +on the client program to be "honest" about the identity of the user +who is using it. Other applications rely on the client to restrict its +activities to those which it is allowed to do, with no other +enforcement by the server. + +Some sites attempt to use firewalls to solve their network security +problems. Unfortunately, firewalls assume that "the bad guys" are on +the outside, which is often a very bad assumption. Most of the really +damaging incidents of computer crime are carried out by insiders. +Firewalls also have a significant disadvantage in that they restrict +how your users can use the Internet. (After all, firewalls are simply +a less extreme example of the dictum that there is nothing more secure +then a computer which is not connected to the network --- and powered +off!) In many places, these restrictions are simply unrealistic and +unacceptable. + +Kerberos was created by MIT as a solution to these network security +problems. The Kerberos protocol uses strong cryptography so that a +client can prove its identity to a server (and vice versa) across an +insecure network connection. After a client and server has used +Kerberos to prove their identity, they can also encrypt all of their +communications to assure privacy and data integrity as they go about +their business. + +Kerberos is freely available from MIT, under copyright permissions +very similar those used for the BSD operating system and the X Window +System. MIT provides Kerberos in source form so that anyone who wishes +to use it may look over the code for themselves and assure themselves +that the code is trustworthy. In addition, for those who prefer to +rely on a professionally supported product, Kerberos is available as a +product from many different vendors. + +In summary, Kerberos is a solution to your network security problems. +It provides the tools of authentication and strong cryptography over +the network to help you secure your information systems across your +entire enterprise. We hope you find Kerberos as useful as it has been +to us. At MIT, Kerberos has been invaluable to our +Information/Technology architecture. + +Additional information is available from the MIT Kerberos website: +http://web.mit.edu/kerberos/ |