1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> 2<html><head> 3<meta name="GENERATOR" content="Microsoft� HTML Help Workshop 4.1"> 4<link rel="stylesheet" type="text/css" href="Leash.css"> 5 6<title>What is Kerberos?</title></head> 7 8<body> 9 10<h1> Kerberos </h1> 11<h2>What is Kerberos? </h2> 12<p> 13Kerberos is a network authentication protocol that allows users to 14securely access services over a physically insecure network. Kerberos, 15or MIT Kerberos, is also the name of this application. MIT Kerberos 16provides an easy interface to the Kerberos protocol.</p> 17 18<p> 19In addition to providing secure access to services, Kerberos adds 20convenience by allowing you to sign on just once to use many network 21resources such as servers, hosts, or other services.</p> 22<p> 23Kerberos gives you this convenience and security through the use of 24single sign on, mutual authentication, and secret key encryption. </p> 25 26<p> 27<table> 28<tbody><tr> 29<th>Single Sign On </th> 30</tr> 31<tr> 32<td> Your Kerberos identity (your <em><a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a></em>) 33and your password allow you to log on just once to access all of the 34servers, hosts, and other resources that use the Kerberos installation. 35No matter how many resources you use, you will not need to enter your 36password again. </td> 37</tr> 38<tr> 39<th>Mutual Authentication </th> 40</tr> 41<tr> 42<td> Authentication is proof of identity. Any protocol or service that 43demands a password is authenticating the user. However, Kerberos 44provides <i>mutual</i> authentication, so in addition to proving your 45identity to the server, it proves that the server you are communicating 46with is what it claims to be. This protects you against <a href="JavaScript:popup.TextPopup(popupPhishing, popfont,9,9,-1,-1)"> phishing </a> and <a href="JavaScript:popup.TextPopup(popupSpoofing, popfont,9,9,-1,-1)"> spoofing. </a></td> 47</tr> 48<tr> 49<th>Secret-Key Encryption </th> 50</tr> 51<tr> 52<td> 53Kerberos prevents malicious attempts to intercept your password by 54encrypting your password before transmitting it. In addition, once you 55and the server have proved your identities to each other, Kerberos uses 56secret-key cryptography to secure the rest of your communications. This 57helps maintain your privacy and the integrity of your data.</td> 58</tr> 59 </tbody></table> 60</p><h2>Related Help</h2> 61<ul id="helpul"> 62<li><a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a></li> 63<li><a href="HTML/Encryption_Types.htm">Encryption types</a></li> 64<li><a href="HTML/How_Kerberos_Works.htm">How does Kerberos work?</a></li> 65</ul> 66 67<script language="JavaScript"> 68popfont="Arial,.725," 69popupPhishing="A type of email scam. The scammer sends an email that appears to come from a legitimate company asking you to log on to the company website using the included link. The link takes you instead to a fake website modeled after that of the real company. If you try to log on, the fake website harvests your username and password for later malicious use." 70popupSpoofing="To 'spoof' means to fake. Hackers can spoof email (making you think the email came from a trusted source), websites (making you think a website is legitimate), and IP addresses. IP spoofing can be used to hijack your browser and take you to fradulent web page that looks legitimate and can be used harvest your username and password." 71popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' " 72</script> 73 74<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"> 75</object> 76</body></html> 77