Kerberos: The Network Authentication Protocol
Recent News
Old news is archived.
22 Oct 2007 - Kerberos for Windows 3.2.2 is released
MIT Kerberos for Windows
3.2.2 is released.
22 Oct 2007 - krb5-1.6.3 is released
The krb5-1.6.3 source release is now available.
04 Sep 2007 - MITKRB5-SA-2007-006
kadmind vulnerable to RPC lib buffer overflow, uninitialized pointer
10 Jul 2007 - krb5-1.5.4 is released
The krb5-1.5.4 source release is now available.
26 Jun 2007 - two security advisories released
MITKRB5-SA-2007-004
MITKRB5-SA-2007-005
or see the advisories
index
03 Apr 2007 - three security advisories released
See the advisories
index
09 Jan 2007 - MITKRB5-SA-2006-003
kadmind frees uninitialized pointers. See
advisories
index or
advisory text.
09 Jan 2007 - MITKRB5-SA-2006-002
kadmind calls uninitialized function pointers. See
advisories
index or
advisory text.
Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by using
secret-key cryptography. A free implementation of this protocol is
available from the Massachusetts
Institute of Technology. Kerberos is available in many commercial
products as well.
The Internet is an insecure place. Many of the protocols
used in the Internet do not provide any security. Tools to "sniff"
passwords off of the network are in common use by malicious hackers.
Thus, applications which send an unencrypted password over the
network are extremely vulnerable. Worse yet, other client/server
applications rely on the client program to be "honest" about the
identity of the user who is using it. Other applications rely on the
client to restrict its activities to those which it is allowed to do,
with no other enforcement by the server.
Some sites attempt to use firewalls to
solve their network security problems. Unfortunately, firewalls
assume that "the bad guys" are on the outside, which is often a very
bad assumption. Most of the really damaging incidents of computer
crime are carried out by insiders. Firewalls also have a significant
disadvantage in that they restrict how your users can use the
Internet. (After all, firewalls are simply a less extreme example of
the dictum that there is nothing more secure then a computer which is
not connected to the network --- and powered off!) In many places,
these restrictions are simply unrealistic and unacceptable.
Kerberos was created by MIT as a solution to these network
security problems. The Kerberos protocol uses strong
cryptography so that a client can prove its identity to a server
(and vice versa) across an insecure network connection. After a
client and server has used Kerberos to prove their identity, they can
also encrypt all of their communications to assure privacy and data
integrity as they go about their business.
Kerberos is freely available from MIT, under copyright
permissions very similar those used for the BSD operating system
and the X Window System. MIT provides Kerberos in source form
so that anyone who wishes to use it may look over the code for
themselves and assure themselves that the code is trustworthy.
In addition, for those who prefer to rely on a professionally
supported product, Kerberos is available as a product from many
different vendors.
In summary, Kerberos is a solution to your network security
problems. It provides the tools of authentication and strong
cryptography over the network to help you secure your information
systems across your entire enterprise. We hope you find Kerberos as
useful as it has been to us. At MIT, Kerberos has been invaluable to
our Information/Technology architecture.
$Id: index.html,v 1.160 2007/10/24 23:32:00 tlyu Exp tlyu $
All images and text on this page are copyright MIT.
MIT Kerberos
[ home ]
[ contact ]
