Commencez à lire Kerberos: The Definitive Guide: The Definitive Guide sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil


Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

Kerberos: The Definitive Guide: The Definitive Guide [Format Kindle]

Jason Garman
4.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)

Prix conseillé : EUR 23,74 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 39,12
Prix Kindle : EUR 15,50 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 23,62 (60%)

App de lecture Kindle gratuite Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.

Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.


Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 15,50  
Broché EUR 33,34  

Descriptions du produit

Présentation de l'éditeur

Kerberos, the single sign-on authentication system originally developed at MIT, deserves its name. It's a faithful watchdog that keeps intruders out of your networks. But it has been equally fierce to system administrators, for whom the complexity of Kerberos is legendary.Single sign-on is the holy grail of network administration, and Kerberos is the only game in town. Microsoft, by integrating Kerberos into Active Directory in Windows 2000 and 2003, has extended the reach of Kerberos to all networks large or small. Kerberos makes your network more secure and more convenient for users by providing a single authentication system that works across the entire network. One username; one password; one login is all you need.Fortunately, help for administrators is on the way. Kerberos: The Definitive Guide shows you how to implement Kerberos for secure authentication. In addition to covering the basic principles behind cryptographic authentication, it covers everything from basic installation to advanced topics like cross-realm authentication, defending against attacks on Kerberos, and troubleshooting.In addition to covering Microsoft's Active Directory implementation, Kerberos: The Definitive Guide covers both major implementations of Kerberos for Unix and Linux: MIT and Heimdal. It shows you how to set up Mac OS X as a Kerberos client. The book also covers both versions of the Kerberos protocol that are still in use: Kerberos 4 (now obsolete) and Kerberos 5, paying special attention to the integration between the different protocols, and between Unix and Windows implementations.If you've been avoiding Kerberos because it's confusing and poorly documented, it's time to get on board! This book shows you how to put Kerberos authentication to work on your Windows and Unix systems.

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 1329 KB
  • Nombre de pages de l'édition imprimée : 274 pages
  • Utilisation simultanée de l'appareil : Illimité
  • Editeur : O'Reilly Media; Édition : 1 (26 août 2003)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B004P1J81C
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Moyenne des commentaires client : 4.0 étoiles sur 5  Voir tous les commentaires (1 commentaire client)
  • Classement des meilleures ventes d'Amazon: n°149.343 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  •  Souhaitez-vous faire modifier les images ?

En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne

5 étoiles
3 étoiles
2 étoiles
1 étoiles
4.0 étoiles sur 5
4.0 étoiles sur 5
Commentaires client les plus utiles
1 internautes sur 1 ont trouvé ce commentaire utile 
a little bit outdated but clear and interresting / un peu dépassé, mais clair et intéressant

I was notably looking for methods to kerberize an application (with JAAS for example), and the description of kerberos module configuration, such as apache,...
However the book is very clear and ideal to understand kerberos.


Je cherchais notemment des moyens de kerberizer une application (avec JAAS par exemple), et la description de configuration de modules kerberos, comme apache,...
Cependant le livre est très clair et idéal pour appréhender Kerberos.
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur (beta) 3.9 étoiles sur 5  10 commentaires
35 internautes sur 36 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Kerberos intimidates a lot of people, don't be one of them 6 septembre 2005
Par jose_monkey_org - Publié sur
I got started using Kerberos many moons ago, at my university. This is probably how many people got to know about it. While I didn't use it very much, it's there that I learned the basics and experimented a bit with Kerberos. Interest in it took off after Microsoft incorporated Kerberos authentication mechanisms into Windows 2000. Suddenly it wasn't such arcane knowledge.

Two open source Kerberos implementations exist, the MIT reference implementation, and the Heimdal Kerberos implementation. Even then, there are two main versions which you can find, Kerberos IV and Kerberos V. Kerberos IV went away for most environments with the passing of the Y2K mark, but some legacy apps need support. So, you still have to deal with it on occasion.

In writing Secure Architectures with OpenBSD, I got a lot more intimate with Kerberos, and even set up a decently sized realm in my house. Hence, I got to experience the turmoil of setup and debugging. A book like Kerberos: The Definitive Guide (K:TDG) would have been very welcome. Instead, I slogged my way through it, and got it to work for the most part.

K:TDG will help you set up your Kerberos world by introducing you to the complex subject, terminology, and the pieces. Once you learn the basics, you recognize that a simple realm is actually somewhat easy to set up. The author, Jason Garman, uses a mixed Mac OS X, UNIX, and Windows environment, focusing on UNIX most of the time. The bulk of the examples deal with MIT Kerberos 5 version 1.3 (krb5-1.3) but should work for most versions. Some attention is given to the Heimdal implementation (which is integrated with BSD, for example), and for the most part you'll be OK. Windows examples are also pretty copious but always come second. If you're comfortable with UNIX, you'll easily be able to translate these into Windows examples to help bridge the Windows gaps.

Chapter 1 is an obligatory Introduction, a short chapter that introduces the key concepts of Kerberos and what the book will cover. A very quick comparison of Kerberos to DCE, SESAME, and earlier versions of Kerberos is given. This chapter serves as a nice selling point for the book, it's the type of thing you'd flip through in the book store to decide if you should buy the book or not.

Chapter 2 is a decent overview for the new user of Kerberos to the system and how it works. Kerberos is placed into its role in a AAA infrastructure - authentication, authorization, and accounting - as well as some caveats that are commonly made. You'll learn about core Kerberos features like tickets, realms, principles, instances, ticket granting tickets, and the ticket cache. A decent overview for practical purposes is given, but you will definitely want another resource if you're interested in diving headlong into Kerberos.

These pieces come together in Chapter 3, where the actual protocols are described. They're laid out for a non-cryptographer, so go elsewhere if you want to learn the real formal material behind the system. Understanding the protocols is important to understanding the service as a whole. For someone new to Kerberos, you'll probably want to spend a little more time reading this to get oriented in the Kerberos world. The chapter doesn't mess around too much and delivers a fair treatment of the material.

Chapter 4 is the meat of the book's material, setting up your implementation. It all starts with the KDC (key distribution center) and realm initialization. Again, the bulk of the treatment is on the MIT implementation on UNIX, with the Heimdal and then Windows sections following next. Slave KDCs are also introduced, which is useful for large environments. An OS X server is missing, but Kerberos clients for all three (UNIX, Windows and OS X) is given. The role of DNS is also explained well, a useful touch that's missing in some Kerberos documents I've used in the past. This chapter will get you started, and with some of the supplied documentation you should be up and running in no time.

Chapter 5 is devoted to troubleshooting, an all too familiar task for a new Kerberos administrator. Common problems, their diagnosis, and resolution are discussed. I like the presentation of this chapter and think it will be useful for most real-world situations you'll encounter.

Security concerns with Kerberos are covered in Chapter 6, which discusses concrete and abstract attacks on the Kerberos scheme. Since all of the security in Kerberos resides in your KDC hosts, obviously this covers some of the material. However, the clients can exposes your Kerberos realm to attacks, as well, and how to circumvent these problems is covered. A decent and practical chapter, and covered on both UNIX and Windows.

In Chapter 7 a number of Kerberos enabled applications are discussed. After all, you can do more than just log on locally with Kerberos, you can use remote login programs like SSH, remote access scenarios like printing, and even control X via Kerberos. While not every application that I would have liked was covered, the treatment was fair and should get you started with a number of Kerberos enabled tools in your new realm.

A strong selling point of the book is given in Chapter 8, titled Advanced Topics. Three main topics are discussed. The first is cross-realm authentication, where you have more than one separate Kerberos realm on your network but you want to have users switch between the two without creating accounts in the other. This can get tricky, and the book does a decent job of introducing it, but it's not as complete as it could be. The second main topic in this chapter is Kerberos 4 and 5 interoperability, which is relatively straightforward. Most Kerberos 5 implementations come with tools to process Kerberos 4 ticket scenarios to handle legacy applications. And finally, a really valuable section covers UNIX and Windows Kerberos interoperability, a hairy issue. Again, incomplete but strong enough that you should be able to get it working with some elbow grease. This is probably the most valuable chapter of the book, which does a decent job at the introductory level, but you'll be left to tie up a few loose ends on your own.

An obligatory case study is given in Chapter 9, where you can see a number of configuration samples and even a mixed Windows-UNIX environment. Not terribly useful when compared to chapters 4 and 8, but overall worthwhile. It may answer some of your questions, even. Chapter 10 wraps up the book with looking at Kerberos futures, which isn't all that useful, honestly. What gets more useful is the appendix, which gives an administration reference. Lots of commands are given for MIT, Heimdal and even for Windows, so you can quickly jump there to refresh your memory on a topic.

Overall this book is recommended if you need a place to start working on Kerberos, especially in a mixed environment. The MIT and Heimdal documents are a fair place to start for a UNIX only Kerberos realm, but if you find they aren't enough, this is probably the right book for you. The book's main strength is that it covers Kerberos on the three main platforms in use (Windows, OS X, and UNIX), although it could provide a deeper treatment to the mixed environment than it gives. Still, you should be able to use this as a starting point, and it's probably the best treatment I've seen so far on Kerberos setup and administration.
23 internautes sur 25 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Concise, accurate, fair Windows coverage. 29 juin 2004
Par T. Blikre - Publié sur
Format:Broché|Achat vérifié
I purchased this book to assist in integrating Linux authentication with Active Directory. It provided about 90% of the information I needed, the rest came from the web. Offers a concise overview of Kerberos, pretty good coverage of interaction with Active Directory, and some great information on inter-realm trusts that was hard to find via Microsoft. All this talk of AD aside, plenty of high quality information here for the Open Source community.
9 internautes sur 10 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Reasonably thorough introduction and guide, but needs updated 18 juillet 2005
Par Robert Pratte - Publié sur
Like most O'Reilly titles, this book covers the general topics one needs to be conversant in a given topic. Take what you read, do a few web searches, experiment with the technology, discuss the concepts with others - this book will give you a solid foundation to get started. Moreover, like other O'Reilly topics one can see errata, etc. on the O'Reilly website. This book easily meets the high expectations one has of a book from this publisher: conversational tone, lots of hands-on examples, and broad coverage of applications using this technology.

There are really two areas where this book falls short: 1) while broad and general concepts of Kerberos are discussed, when the examples roll out little effort is given to explain the reasons behind settings, configurations, etc., and 2) as with many technology-related books this book could already use an update. In terms of the former issue, I can see that it is difficult to cover the logic behind various implementations of Kerberos. This book attempts to cover Kerberos implementations in Kerberos 4, Kerberos 5, MIT, Heimdal, Windows, and a bit of Mac OS X, as well as various applications that can use Kerberos such as Cyrus, OpenSSH, and Reflection. There is a lot of material here: each of these applications could easily warrant an O'Reilly book of their own. Moreover, these applications change over time (and rather short times, at that). Thus, the second complaint: particularly in terms of OS X this book could use an updated version, though the majority of the text is still relevant.

To summarize a bit here, if you are looking for cutting-edge info on security, implementation (such as in OS X), or applications, then this book will fall a bit short. Further, if you are already well-versed in the Kerberos liturgy, there will be little to excite you here (though there may be some golden nuggets). However, if you are a manager, someone who needs to quickly assimilate the vast information on Kerberos, or a junior system administrator then this book will be a valuable guide for you. While it lacks the lowest levels of detail on Kerberos, this book should provide enough detail for the astute reader to find their way.
9 internautes sur 10 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Good Starting Point 16 novembre 2005
Par Joaquin Menchaca - Publié sur
This has very superb explanations about the Kerberos authentication concepts. As a Windows system administrator, this has helped me immensely in understanding what's under the hood of Active Directory.

In delving into Windows-Linux interoperability experiments, this book was invaluable in presenting different scenarios. I decided to be bold and try have Linux directly authenticate to Windows Server 2003 KDC using information from Chapter 8 "Advanced Topics". I was able to learn the concepts and get started, but I ran into problems:

First the example (page 179) for exporting keytabs doesn't work with Windows 2003, as you need to use "nt4domain\unixhost" for ktpass -mapuser option.

Secondly, there's no coverage on what to do with these keytab files on the Unix side. I found later (googling) that I needed to install them using the kutil command.

Thirdly, there could have references to material on how to test and re-configure Linux to use Kerberos instead of shadow passwd system. "Chapter 7: Applications" covers this, but references to the PAM modules are rather outdated. There should have been detail on how to configure GDM, KDM, and xscreensaver to use Kerberos.

Lastly, I found is that troubleshooting presented earlier in Chapter 5 grossly needs to be expanded. I got specific error messages, and would have liked to see more specifics included. (Fortunately googling again help find some pointers)

Overall this book is great spring board, but as it is outdated and in some ways incomplete, you need to scour the Internet for the complete solution. Still, I honestly don't know how I could have gotten there without this book.
10 internautes sur 12 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Comprehensive and easy-to-understand 7 septembre 2004
Par Don Bartlett - Publié sur
I hoped that this book would help answer all my questions about Kerberos. It did. I have worked with Active Directory frequently over the past 5 years. Also, I have a penchant for security and Open Source software. I was eager to know how Kerberos works behind the scenes, especially in complex scenarios such as cross-realm authentication in Active Directory forests. I was not disappointed.

Kerberos: The Definitive Guide covers everything from history and concepts through implementation and advanced topics. Everything you need to know about authentication, cryptography and security in order to understand and implement Kerberos is here.

Jason Garman does a good job of conveying a wealth of complex subject material in a simple, easy-to-digest way. This book is not a Kerberos "bible" -- it doesn't cover every possible aspect of Kerberos in detail -- but it is more than adequate to be used as an implementation guide, and it makes an excellent reference.

I can recommend this to anyone who works with Kerberos.
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Première publication:
Aller s'identifier

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon

Rechercher des articles similaires par rubrique