2ab7cc62c4
KRB5 1.15 releases. To support this new ports: - The security/krb5 port includes an option to use this port instead of krb5-114 as its base. krb5-114 will remain the default until the next release of KRB5 1.15 (if it's stable of course). - MIT by default deprecates KRB5 two versions back from the current release. krb5-113 has been deprecated and will expire one year from now.
24 lines
1.3 KiB
Text
24 lines
1.3 KiB
Text
Kerberos V5 is an authentication system developed at MIT.
|
|
WWW: http://web.mit.edu/kerberos/
|
|
|
|
Abridged from the User Guide:
|
|
Under Kerberos, a client sends a request for a ticket to the
|
|
Key Distribution Center (KDC). The KDC creates a ticket-granting
|
|
ticket (TGT) for the client, encrypts it using the client's
|
|
password as the key, and sends the encrypted TGT back to the
|
|
client. The client then attempts to decrypt the TGT, using
|
|
its password. If the client successfully decrypts the TGT, it
|
|
keeps the decrypted TGT, which indicates proof of the client's
|
|
identity. The TGT permits the client to obtain additional tickets,
|
|
which give permission for specific services.
|
|
Since Kerberos negotiates authenticated, and optionally encrypted,
|
|
communications between two points anywhere on the internet, it
|
|
provides a layer of security that is not dependent on which side of a
|
|
firewall either client is on.
|
|
The Kerberos V5 package is designed to be easy to use. Most of the
|
|
commands are nearly identical to UNIX network programs you are already
|
|
used to. Kerberos V5 is a single-sign-on system, which means that you
|
|
have to type your password only once per session, and Kerberos does
|
|
the authenticating and encrypting transparently.
|
|
|
|
Jacques Vidrine <n@nectar.com>
|