"Kerberos: The Definitive Guide", Jason Garman, 2003, 0-596-00403-6,
%A Jason Garman
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%I O'Reilly & Associates, Inc.
%O U$34.95/C$54.95 800-998-9938 fax: 707-829-0104 nuts@...
%P 253 p.
%T "Kerberos: The Definitive Guide"
Kerberos is not flashy, but it is a venerable and mature technology.
Yes, it has limited scalability, but most of the "successful" PKI
(Public Key Infrastructure) projects are small enough that they could
easily have been accomplished with Kerberos technology: an eminently
elegant solution to the problem of communicating and authenticating
over any channel that is, or must be, assumed to be insecure.
Chapter one provides a history, base concepts, and variants of
Kerberos. Terms and components are given in chapter two. The
Needham-Schroeder work, and the idea of ticket-granting, is in chapter
three. Implementation, in chapter four, reviews design, UNIX and
Windows servers, and special considerations for a mixed environment.
The troubleshooting chapter, five, for once comes early enough in a
book to be of use. Security aspects external to Kerberos, and
specific settings for different implementations, are covered in
chapter six. Chapter seven looks at some generic support for
applications, as well as some specific programs that already have
Kerberos support built in. Cross realm trust is one of the advanced
topics, but most of chapter eight concentrates on special requirements
for Windows. Chapter nine is a kind of review of the book, involving
the various topics that have been discussed in a sample Kerberos
installation. Chapter ten looks at the future of Kerberos, with
possible public key additions, Web applications, and smartcards. An
appendix contains an administrative command list.
While Kerberos may not be as highly regarded as the more
mathematically complex asymmetric cryptographic systems, it still have
many uses, and this book provides the outline, background, and details
to help you take full advantage of them.
copyright Robert M. Slade, 2003 BKKRBSDG.RVW 20031018
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
Hanlon's razor: Never attribute to malice that which can be
adequately explained by stupidity.