
Kerberos 5 authentication protocol

One of the main problems in a LAN is recognizing (authenticating) with certainty the users who wish to access the services offered: local and remote login sessions on Unix hosts or Windows workstations and access to IMAP or POP3 servers for checking e-mail are only some examples where the user must be authenticated before gaining access. On the other hand, the servers offering such services must also prove their identities to users: it would be unwelcome if a fake server, placed in a LAN by an intruder, stole secrets from unaware users who believed they had accessed the legitimate service.

To solve such problems, Zeroshell uses the Kerberos 5 mutual authentication protocol (RFC 1510). It is a robust and increasingly widespread protocol which, through the use of tickets and authenticators, provides the user with authenticated access to the services and guarantees the authenticity of the services themselves.
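The ticket and authenticator exchange described above, reduced to its final client-to-service step, as an added example that is not Zeroshell code. The `seal`/`unseal` toy cipher stands in for a real Kerberos encryption type, all function names are assumptions, and the KDC exchanges and replay cache are omitted.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption; stands in for a real Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(service_key, client, now, lifetime=300):
    """KDC: new session key, plus a ticket sealed under the service's long-term key."""
    session = os.urandom(32)
    ticket = seal(service_key, {"client": client, "session": session.hex(), "exp": now + lifetime})
    return session, ticket  # real Kerberos sends `session` sealed under the user's key

def service_accept(service_key, ticket, authenticator, now, skew=300):
    """Service: open the ticket, check the authenticator, return the mutual-auth reply."""
    t = unseal(service_key, ticket)
    session = bytes.fromhex(t["session"])
    a = unseal(session, authenticator)
    if a["client"] != t["client"] or now > t["exp"] or abs(now - a["ts"]) > skew:
        raise ValueError("authenticator rejected")
    return seal(session, {"ts": a["ts"]})

def client_verify(session, reply, ts):
    """Client: accept the server only if it echoes our timestamp under the session key."""
    try:
        return unseal(session, reply)["ts"] == ts
    except ValueError:
        return False

def demo():
    now, user = 1_700_000_000, "alice@EXAMPLE.COM"  # constructed sample values
    service_key, impostor_key = os.urandom(32), os.urandom(32)
    session, ticket = kdc_issue(service_key, user, now)
    auth = seal(session, {"client": user, "ts": now})
    genuine = client_verify(session, service_accept(service_key, ticket, auth, now), now)
    forged = client_verify(session, seal(impostor_key, {"ts": now}), now)
    return genuine, forged  # (True, False)
```

A server that does not hold the service key cannot open the ticket, so it never learns the session key and its reply fails the client's check.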

Thanks to the use of Kerberos 5, Zeroshell can establish trust relationships with other realms (the Kerberos 5 name for authentication domains) and allow users in one domain to access the resources and services of another domain. In particular, because Microsoft uses Kerberos 5 as the main authentication system in Active Directory, it is possible to set up trust relationships between the realms managed by Zeroshell and Windows domains (from Windows 2000 upwards). This gives complete integration between the Unix and Windows environments, since users can access both Unix and Windows services alike with a single Kerberos account.

Another advantage of using Kerberos 5 is Single Sign-On (SSO): the user enters the credentials (username and password) only once per work session and obtains a ticket which allows access to the various services transparently, without having to re-authenticate.

For more details about the Kerberos protocol, you can read the Kerberos Tutorial.




    Copyright (C) 2005-2013 by Fulvio Ricciardi