xref: /freebsd/crypto/krb5/src/windows/leash/htmlhelp/html/Kerberos.htm (revision 4b15965daa99044daf184221b7c283bf7f2d7e66)
1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
2<html><head>
3<meta name="GENERATOR" content="Microsoft� HTML Help Workshop 4.1">
4<link rel="stylesheet" type="text/css" href="Leash.css">
5
6<title>What is Kerberos?</title></head>
7
8<body>
9
10<h1> Kerberos </h1>
11<h2>What is Kerberos? </h2>
12<p>
13Kerberos is a network authentication protocol that allows users to
14securely access services over a physically insecure network. Kerberos,
15or MIT Kerberos, is also the name of this application. MIT Kerberos
16provides an easy interface to the Kerberos protocol.</p>
17
18<p>
19In addition to providing secure access to services, Kerberos adds
20convenience by allowing you to sign on just once to use many network
21resources such as servers, hosts, or other services.</p>
22<p>
23Kerberos gives you this convenience and security through the use of
24single sign on, mutual authentication, and secret key encryption. </p>
25
26<p>
27<table>
28<tbody><tr>
29<th>Single Sign On </th>
30</tr>
31<tr>
32<td>  Your Kerberos identity (your <em><a href="JavaScript:popup.TextPopup(popupPrincipal, popfont,9,9,-1,-1)">principal</a></em>)
33and your password allow you to log on just once to access all of the
34servers, hosts, and other resources that use the Kerberos installation.
35No matter how many resources you use, you will not need to enter your
36password again. </td>
37</tr>
38<tr>
39<th>Mutual Authentication </th>
40</tr>
41<tr>
42<td> Authentication is proof of identity. Any protocol or service that
43demands a password is authenticating the user. However, Kerberos
44provides <i>mutual</i> authentication, so in addition to proving your
45identity to the server, it proves that the server you are communicating
46with is what it claims to be. This protects you against <a href="JavaScript:popup.TextPopup(popupPhishing, popfont,9,9,-1,-1)"> phishing </a> and <a href="JavaScript:popup.TextPopup(popupSpoofing, popfont,9,9,-1,-1)"> spoofing. </a></td>
47</tr>
48<tr>
49<th>Secret-Key Encryption </th>
50</tr>
51<tr>
52<td>
53Kerberos prevents malicious attempts to intercept your password by
54encrypting your password before transmitting it. In addition, once you
55and the server have proved your identities to each other, Kerberos uses
56secret-key cryptography to secure the rest of your communications. This
57helps maintain your privacy and the integrity of your data.</td>
58</tr>
59 </tbody></table>
60</p><h2>Related Help</h2>
61<ul id="helpul">
62<li><a href="HTML/Kerberos_Terminology.htm">Kerberos terminology</a></li>
63<li><a href="HTML/Encryption_Types.htm">Encryption types</a></li>
64<li><a href="HTML/How_Kerberos_Works.htm">How does Kerberos work?</a></li>
65</ul>
66
67<script language="JavaScript">
68popfont="Arial,.725,"
69popupPhishing="A type of email scam. The scammer sends an email that appears  to come from a legitimate company asking you to log on to the company website using the included link. The link takes you instead to a fake website modeled after that of the real company. If you try to log on, the fake website harvests your username and password for later malicious use."
70popupSpoofing="To 'spoof' means to fake. Hackers can spoof email (making you think the email came from a trusted source), websites (making you think a website is legitimate), and IP addresses. IP spoofing can be used to hijack your browser and take you to fradulent web page that looks legitimate and can be used harvest your username and password."
71popupPrincipal="Your principal is your Kerberos identity. It is your user name combined with the Kerberos realm you are using. For example: 'jdoe@SALES.WIDGET.COM' "
72</script>
73
74<object id="popup" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
75</object>
76</body></html>
77