Kerberos is a secure system for providing network authentication services.
Authentication means:
Kerberos uses passwords to verify the identity of users, and
these passwords are never sent over the network in an unencrypted form.
For information on configuring a Kerberos 5 server or client, refer to
the Official Red Hat Linux Customization Guide.
Most conventional network systems use password-based authentication
schemes. When a user needs to authenticate to a service running on a
network server, they type in their password for each service that
requires authentication. Their password is sent over the network, and
the server verifies their identity using the password.
Transmission of passwords in plaintext using this method, while commonly
done, is a tremendous security risk. Any system cracker with access to
the network and a packet analyzer (also known as a packet sniffer) can
intercept any passwords sent this way.
The primary design goal of Kerberos is to ensure that passwords are
never sent across a network unencrypted and are
preferably never sent over the network at all. The proper use of
Kerberos will eradicate the threat of packet sniffers intercepting
passwords on your network.
