Kerberos is a sophisticated network authentication system—one that has been publicly available since 1989 and provides that eternal holy grail of network administrators, single-sign-on. Yet, in that intervening decade, documentation on Kerberos has been notably lacking. While many large organizations and academic institutions have enjoyed the benefits of using Kerberos in their networks, the deployment of Kerberos in smaller networks has been severely hampered by a lack of documentation.
I decided to write this book precisely because of this lack of useful documentation. My own experiences with Kerberos are those of extreme frustration as I attempted to decipher the documentation. I found that I had to keep copious notes to keep everything straight. Those notes eventually became the outline of this book.
Today, Microsoft, through its adoption of the latest Kerberos protocol as the preferred authentication mechanism in its Active Directory, has single-handedly driven the use of Kerberos into the majority of the operating-system market that it controls. Thanks to the openness of Kerberos, organizations now can establish cross-platform, single sign-on network environments, giving an end-user one set of credentials that will provide him access to all network resources, regardless of platform or operating system. Yet the workings and benefits of Kerberos remain a mystery to most network administrators. This book aims to pull away the curtain and reveal the magician working behind the scenes.
This book is geared toward the system administrator who wants to establish a single sign-on network using Kerberos. This book is also useful for anyone interested in how Kerberos performs its magic: the first three chapters will be most helpful to these people.