|
Distributed Computing Consulting Sweet Hall, 2nd Floor Desk Hours: M-F 10 am - 5 pm; Cluster Always Open (650) 725-2101
|
AFS Intro | F.A.Q. | Basic AFS | Advanced AFS | Kerberos | Features | Other Info
Basically, Kerberos is a security system that helps prevent people from stealing information that gets sent across the wires from one computer to another. Usually, these people are after your password.
The name "Kerberos" comes from the mythological three-headed dog whose duty it was to guard the entrance to Hell. The Kerberos security system, on the other hand, guards electronic transmissions that get sent across the Internet. It does this by scrambling the information -- encrypting it -- so that only the computer that's supposed to receive the information can unscramble it. In addition, it makes sure that your password itself never gets sent across the wire: only a scrambled "key" to your password.
Kerberos is necessary because there are people who know how to tap the lines between computers and listen for your password. They do this with programs called "sniffers", and the only way to stop them would be to physically guard every inch of the Internet ... computers, cables and all. This, of course, is impossible. As long as there are physically insecure networks in the world and at Stanford, we'll need something like Kerberos to maintain the integrity and security of our electronic communications.
So, how do you make Kerberos work? In some places, it's done for you. The Sweet Hall workstations, for example, use kerberos automatically, so that when you sit down and log in, your passwords are encrypted and your login is secure. But what about the computer on your desktop?
Unfortunately, kerberos won't help you unless you get the software that brings it into action. At Stanford, kerberos is designed to work hand in glove with MacLeland, PC-Leland, or the Unix Kerberos kits. You have to get these programs, install them, and use them in order to keep your computing secure.
If you're curious, you can take a look at a diagram that uses arrows and circles and squares to illustrate how these programs use kerberos to protect your password. As you can see, kerberos technology exchanges "keys" and "tickets" over the network instead of actual passwords. Kerberos makes the keys and tickets themselves indecipherable, so you're doubly protected.
For more information about what kerberos is and does, check out some of the following URLs: