We enumerate the
merits of those technologies, and we try to pinpoint the reasons
why they are still not the ideal universal system for handling
identities on the Internet.
Tokens are very popular in network software
Kerberos
Kerberos is the name of an authentication protocol, originally
developed by the Massachusetts Institute of Technology (MIT) in
the 1980s and today widely adopted by many products and
operating systems. Windows has used it since Windows 2000,
Apache uses it, Mac OS X uses it, Cisco uses it, and so on. Its
three decades of success are a proof of its efficacy.
After all the cryptography legwork we have done so far, understanding
how Kerberos works will not be a problem. We need,
however, to establish some terminology before proceeding.
In Kerberos terms, a principal is just everything that can be authenticated
or that requires authentication before being used.
This is a blanket definition that covers users, resources such as
applications and services, practically everything that can participate
at either end of an authentication transaction. Principals are
grouped in realms. (Those familiar with Windows terminology
can think of those as domains.