You should read this list of Kerberos facts if you read nothing else in this article. Kerberos is an important protocol that’s sometimes misunderstood by administrators.
- Kerberos is an industry standard that was initially developed by MIT in the 1980s. The current version, Kerberos 5, is defined in RFC 1510.
- If you log on to an Active Directory (AD) domain from a computer running Windows 2000 or later, you are probably relying on the Kerberos 5 authentication protocol to access a wide array of network resources, such as AD domain resources, file shares, print services, Microsoft IIS, and even resources protected by IPSec.
- Kerberos is currently the most secure authentication mechanism supported by AD.
- Kerberos is the best choice for most Microsoft Office SharePoint Server 2007 (MOSS) implementations in an intranet or extranet where users log on to an AD domain.
- Kerberos is the only Windows authentication protocol that provides constrained delegation (aka double-hop authentication) and protocol transition.
- Windows Integrated Authentication is a superset of the authentication protocols Kerberos and NTLM.
- Kerberos Digest and Basic authentication (augmented for security with TLS/SSL) protocols aren’t part of Windows Integrated Authentication but are available via the Security Support Provider Interface (SSPI) in Windows.
- Kerberos authentication to a Web site requires that your Microsoft browser be Microsoft Internet Explorer 5.0 or above. Mozilla Firefox and other browsers also support Kerberos authentication.
- Kerberos works for both password-based and smart card-enabled authentication.
- In Greek mythology, Kerberos/Cerberus was the Greek god Hades’ watchdog, a three-headed canine that guarded the gates of the underworld.