vim:ft=help:tw=78:ts=4:
allows you to maintain a centralized user database. Individual computers defer
to this centralized database when authenticating users, and use sophisticated
encryption techniques to ensure that data transfers aren't subject to
hijacking.
Tools like firewalls are designed to protect a computer or network from the
outside world, or to protect the outside world from miscreants inside a local
network. Kerberos, on the other hand, is an internal security tool; it helps
both servers and clients be sure that they're communicating with the proper
systems and users, and to protect passwords so that they can't be stolen and
abused by other local network users. (Kerberos can also improve external
security by providing encryption to external users who need access to internal
servers.) Simultaneously, Kerberos provides convenience: by centralizing the
password database, Kerberos allows a user to log in to any workstation on a
network and enter a login password only once, obviating the need to enter
passwords for POP mail servers, FTP servers, and other local servers that
would otherwise require passwords.
goals:
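1. Servers can authenticate clients, and clients can authenticate servers.
2. Password protection. What is exchanged during authentication is not the
password (not even an encrypted one), but Kerberos operations encrypted with
the password.
3. After logging in once, the password does not have to be entered again,
including when logging in to other machines. This is time-limited.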
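The three goals above in one runnable simulation, added here as an illustration and not taken from the original notes or from any Kerberos implementation. It plays the client, the KDC and a mail server in a single process. The principal names, the password, the function names and the toy cipher (SHAKE keystream plus HMAC, standing in for real Kerberos encryption types) are all assumptions.

```python
import hashlib, hmac, json, os

def derive_key(password, principal):
    # Goal 2: a long-term key is derived from the password; the password is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def seal(key, obj):
    # Toy authenticated encryption, a stand-in for real Kerberos enctypes.
    nonce, plain = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(plain))
    body = nonce + bytes(a ^ b for a, b in zip(plain, stream))
    return body + hmac.new(key, body, "sha256").digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + body[:16]).digest(len(body) - 16)
    return json.loads(bytes(a ^ b for a, b in zip(body[16:], stream)))

KEYS = {"alice": derive_key("correct horse", "alice"),  # constructed KDC database
        "krbtgt": os.urandom(32), "imap/mail": os.urandom(32)}

def issue(reply_key, client, service, now, lifetime=600):
    # KDC side: session key sealed for the requester, plus a ticket only the service can open.
    session = os.urandom(32).hex()
    ticket = seal(KEYS[service], {"client": client, "session": session, "expires": now + lifetime})
    return seal(reply_key, {"service": service, "session": session}), ticket

def open_ticket(service, ticket, authenticator, now):
    # TGS or server side: the sender must hold the session key and the ticket must be in date.
    t = unseal(KEYS[service], ticket)
    auth = unseal(bytes.fromhex(t["session"]), authenticator)
    if now > t["expires"] or auth["client"] != t["client"]:
        raise ValueError("ticket expired or authenticator mismatch")
    return t["client"], bytes.fromhex(t["session"]), auth["ts"]

def login(user, password, now):
    # Once per session: only someone who knows the password can unseal the KDC's reply.
    reply, tgt = issue(KEYS[user], user, "krbtgt", now)
    return bytes.fromhex(unseal(derive_key(password, user), reply)["session"]), tgt

def access(user, tgt_session, tgt, service, now):
    # Goal 3: no password here. Ticket-granting ticket -> service ticket -> mutual check (goal 1).
    client, sk, _ = open_ticket("krbtgt", tgt, seal(tgt_session, {"client": user, "ts": now}), now)
    reply, ticket = issue(sk, client, service, now)
    session = bytes.fromhex(unseal(tgt_session, reply)["session"])
    who, sk2, ts = open_ticket(service, ticket, seal(session, {"client": user, "ts": now}), now)
    server_proof = seal(sk2, {"ts": ts + 1})  # server shows it could open the ticket
    return who, unseal(session, server_proof)["ts"] == now + 1
```

`access` returns the client name the server accepted and whether the client could verify the server's proof; a wrong password in `login` or an out-of-date ticket in `access` raises `ValueError`.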
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u/24796/showart_247448.html