Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide
Chapter 9. Using Kerberos 5 on Red Hat Linux
Kerberos removes a common and severe security threat, so why is it not in use on every network? For several reasons, Kerberos may be difficult to implement:
No quick solution exists for migrating user passwords from a standard UNIX password database (such as /etc/passwd or /etc/shadow) to a Kerberos password database. Migration is technically feasible, but this issue is beyond the scope of this chapter. For help deciding whether a password migration makes sense for your Kerberos installation, see the Kerberos FAQ Question 2.23 or the material referenced in the section called Additional Resources.
Kerberos is only partially compatible with the Pluggable Authentication Modules (PAM) system used by most servers running Red Hat Linux. For more information on this issue, see the section called Kerberos and Pluggable Authentication Modules (PAM).
For an application to use Kerberos, its sources must be modified to make the appropriate calls into the Kerberos libraries. For some applications, this may require too much programming effort. For other applications, changes must be made to the protocol used between network servers and their clients. Again, this may require extensive programming. Furthermore, it may be impossible to make certain closed-source applications work with Kerberos.
Kerberos assumes that you are using trusted hosts on an untrusted network. Its primary goal is to prevent plaintext passwords from being sent across that network. However, if anyone other than the proper user has physical access to any of the hosts, especially the one that issues tickets used for authentication, the entire Kerberos authentication system is at risk of being compromised.
Finally, if you decide to use Kerberos on your network, you must realize that it is an all-or-nothing proposition. If any services that transmit plaintext passwords remain in use, passwords can still be compromised, and your network gains no net benefit from the use of Kerberos. To secure your network with Kerberos, you must either kerberize (make it work with Kerberos) all applications that send plaintext passwords or stop using those insecure applications on your network.
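A check that follows from the all-or-nothing point above, added here as an example and not part of the Red Hat guide: audit a host for services that still accept plaintext passwords and so would have to be kerberized or retired. It assumes xinetd-style service files (as Red Hat Linux 7.1 used under /etc/xinetd.d) and runs against a constructed sample directory, since the real directory differs from host to host.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): list xinetd services that carry
# the user's password in the clear and are not explicitly disabled.

# Services whose protocols send the password in plaintext (assumed list).
PLAINTEXT_SERVICES="telnet ftp rlogin rsh rexec pop3 imap"

# list_enabled_plaintext DIR
#   Prints, one per line, every service from PLAINTEXT_SERVICES that has a
#   config file in DIR (an xinetd.d-style directory) without "disable = yes".
#   xinetd treats a missing "disable" line as enabled, so such files count too.
list_enabled_plaintext() {
    dir=$1
    for svc in $PLAINTEXT_SERVICES; do
        f="$dir/$svc"
        [ -f "$f" ] || continue
        if grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            continue
        fi
        echo "$svc"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/telnet" <<'EOF'
service telnet
{
        disable         = no
        socket_type     = stream
}
EOF
cat > "$SAMPLE_DIR/ftp" <<'EOF'
service ftp
{
        disable         = yes
}
EOF
cat > "$SAMPLE_DIR/pop3" <<'EOF'
service pop3
{
        socket_type     = stream
}
EOF

# Report the services that still need attention for the sample host.
list_enabled_plaintext "$SAMPLE_DIR"
```

Pointing the function at the real /etc/xinetd.d gives the list of services that must be kerberized or shut off before the network gains anything from Kerberos.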