Re: Books on kerberos
I disagree that it's a POS. It's lacks depth, and it's certainly not the document that you should use to administrate your KDC, but it's not a bad intro to kerberos for people who have little to no experience with it, and are approaching it mostly from a user's perspective. On the otherhand, if you WERE expecting to be a definitive reference, the blame for your disappointment should be more internal than external. I certainly didn't find any more mistakes in it than I found in the actual MIT docs. > From: Steve Freed <[EMAIL PROTECTED]> > > Yes, this is the 60 page POS that the original posting was about. > > > On Mon, 23 Sep 2002, John Rudd wrote: > > > > > I don't know if this one was mentioned yet, but there's also > > > > "Kerberos: A Network Authentication System" by Brian Tung (addison > > wesley) > > > > > > It's more of a booklet than a book, and it doens't go in to deep detail, > > but it does a good job as an intro to kerberos. > > > > Kerberos mailing list [EMAIL PROTECTED] > > http://mailman.mit.edu/mailman/listinfo/kerberos > > > Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
FYI: 1.2.6 on crypto-publish.org
I didn't see an announcement here, so I'm just emailing the list to tell that I saw the 1.2.6 release available on www.crypto-publish.org. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
Yes, this is the 60 page POS that the original posting was about. -- Steve. On Mon, 23 Sep 2002, John Rudd wrote: > > I don't know if this one was mentioned yet, but there's also > > "Kerberos: A Network Authentication System" by Brian Tung (addison > wesley) > > > It's more of a booklet than a book, and it doens't go in to deep detail, > but it does a good job as an intro to kerberos. > > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Ken Raeburn) writes: > See also "Network Security: Private Communication in a Public World" > (2nd ed), by Charlie Kaufman, Radia Perlman, and Mike Speciner. > Chapters 13 and 14 cover Kerberos versions 4 and 5 in around 60 pages > or so. Since people are mentioning chapters in books with a broader focus, I might as well mention my own latest: _Advanced Linux Networking_ (Addison-Wesley, 2002, ISBN 0-201-77423-2). Chapter 6 covers Kerberos in about 30 pages, focusing on Kerberos 5 (Kerberos 4 is mentioned, but not described in any detail). I've got a Web page on the book with a chapter listing and general description: http://www.rodsbooks.com/adv-net/ -- Rod Smith, [EMAIL PROTECTED] http://www.rodsbooks.com Author of books on Linux, networking, & multi-OS configuration Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
I don't know if this one was mentioned yet, but there's also "Kerberos: A Network Authentication System" by Brian Tung (addison wesley) It's more of a booklet than a book, and it doens't go in to deep detail, but it does a good job as an intro to kerberos. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Installing SEAM on Solaris 8
I have several Solaris 8 systems that are current with respect to all applicable patches. I need to install SEAM and the necessary encryption pack componenets that offer data encryption on these systems. In the lab, I installed the software on a similar system and had problems. The only way I was able to get things working was to "force" some of the Kerberos related patches (109223-02, 109805-11, 112237-05 and 112390-05) to install (patchadd -u) after installing SEAM and the encryption pack components. This doesn't really seem clean to me. Is there a better way? foto Get your free encrypted email at https://www.hushmail.com Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Single sign-on with W2K, IE 6.1 and JGSS
"Paul Sangster" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > No I don't believe JGSS support SPNEGO (nor does Solaris's GSS). > I understand that JGSS does not support SPNEGO. But I am not passing the spnego token to acceptSecContext(). spnego token is of the form "Negotiate [gssapi-token]". I pass just the gssapi-token part. /T$R (Ramana Turlapati) Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
See also "Network Security: Private Communication in a Public World" (2nd ed), by Charlie Kaufman, Radia Perlman, and Mike Speciner. Chapters 13 and 14 cover Kerberos versions 4 and 5 in around 60 pages or so. Naturally, they don't go into all the details of the protocol and the ways in which it can be used in that much space, but looking it over briefly (I only just got around to getting my copy now) I'd say it looks like they cover it rather well. Ken Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
On Fri, Sep 20, 2002 at 11:59:54AM -0700, Leong Tim wrote: > > What do you think is the best book I could get on kerberos? The only thing I could >find is some 150 page piece of garbage. Any ideas? I'm currently working on a Kerberos book for O'Reilly. I started the project precisely because I haven't seen any decent printed documentation on Kerberos. This book will cover the basic protocols, several implementations including MIT, Heimdal, and using Windows 2000 as a KDC. Also I'll cover cross-platform single-sign-on using Windows, Unix, and Mac OSX as client machines. I'll definately need reviewers (both technical reviewers and also reviewers in my target audience, sysadmins with little previous knowledge of Kerberos) in the future, so if you're interested please send me an email. Thanks -- Jason Garman / [EMAIL PROTECTED] Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Single sign-on with W2K, IE 6.1 and JGSS
Luke Howard wrote: >>I have been trying to achieve single sign-on with IE 6.1 on Win2k systems. >>Basically, trying to emulate IIS and IE kerberos auth exchange. In my case >>the server happens to be Tomcat. >>IIS and IE exchange GSSAPI token using SPNEGO mechanism. IIS sets HTTP >>header "WWW-Authenticate:" to "Negotiate". IE responds with HTTP Header >>"Authorization:" set to "Negotiate b64[gssapi-token]". >> > > Does JGSS support SPNEGO? If not, and there is a Java ASN.1 parser, it > shouldn't be too hard to add. No I don't believe JGSS support SPNEGO (nor does Solaris's GSS). > > >>Any ideas why this is happening? Also, is jgss implementation on Solaris >>based on Sun GSSAPI C implementation? Is SSPI different from GSSAPI? >> > > I don't know whether JGSS is based on the GSS-API C implementation. The > latter is in turn based on the MIT code with fixed mech glue. SSPI has > a different set of API bindings to GSS-API, however it emits compatible > tokens and thus is wire-equivalent. JGSS is a pure Java implementation so its not layered upon the existing C implementation. > > > -- Luke > > -- > Luke Howard | PADL Software Pty Ltd | www.padl.com > > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
RE: Books on Kerberos
Hi, I am working in Kerberos from past 1 year. I am very happy to hear that you are writing a book specifically on Kerberos and interested to review the book. My mail-id is [EMAIL PROTECTED] Thanks & Regards Sreedhar Gupta -Original Message- From: Jason Garman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 8:09 PM To: Leong Tim Cc: [EMAIL PROTECTED] Subject: Re: Books on kerberos On Fri, Sep 20, 2002 at 11:59:54AM -0700, Leong Tim wrote: > > What do you think is the best book I could get on kerberos? The only thing I could find is some 150 page piece of garbage. Any ideas? I'm currently working on a Kerberos book for O'Reilly. I started the project precisely because I haven't seen any decent printed documentation on Kerberos. This book will cover the basic protocols, several implementations including MIT, Heimdal, and using Windows 2000 as a KDC. Also I'll cover cross-platform single-sign-on using Windows, Unix, and Mac OSX as client machines. I'll definately need reviewers (both technical reviewers and also reviewers in my target audience, sysadmins with little previous knowledge of Kerberos) in the future, so if you're interested please send me an email. Thanks -- Jason Garman / [EMAIL PROTECTED] Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos * Disclaimer: The information in this e-mail and any attachments is confidential / privileged. It is intended solely for the addressee or addressees. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. * Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Timezone problems between Win 98/XP client and Linux KDC
I've been trying to get Kerberos V to work (as a client) on my Win98 at home without success - timestamp problems. Now I've tried on a WinXP at work. Same thing. The time is correct! I'm not sure of the timezone though... On the Kerberos server (a Debian GNU/Linux) it's : [papadoc.pts/13]$ date ; date -u ; date -R Mon Sep 23 16:14:19 CEST 2002 Mon Sep 23 14:14:19 UTC 2002 Mon, 23 Sep 2002 16:14:19 +0200 On the windows machine, it say (GMT+01:00) Amsterdam, Berlin, Bern, Rom, Stockholm, Wien which is correct. Any problem between 'CEST' and 'GMT+01:00'? How would the timezones be set for this to work? -- DES cracking counter-intelligence NSA Kennedy Cocaine critical Albanian [Hello to all my fans in domestic surveillance] Peking Panama ammunition BATF Khaddafi explosion [See http://www.aclu.org/echelonwatch/index.html for more about this] Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
RE: Books on kerberos
Besides the Kerberos RFCs (e.g., 1510) and the documentation to the MIT implementation (http://web.mit.edu/kerberos/www/krb5-1.2/index.html#documentation), the following are worth reading: 1. http://web.mit.edu/kerberos/www/dialogue.html 2. Kerberos section in William Stallings' Cryptography and Network Security (which is based on 1.) 3. Sun GSS-API Programming Guide (http://docs.sun.com/?p=/doc/816-1331&a=load) Frank "Eric Lee Steadle" To: "Leong Tim" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: RE: Books on kerberos Sent by: kerberos-admin@mi t.edu 09/20/2002 05:04 PM Please respond to esteadle Well, I read the same 150 piece of garbage you're probably referring to and I know what you mean. The book that I learned the most about Kerberos from was "Windows 2000 Security" by Roberta Bragg (New Riders Publishing). While this book is Windows oriented, it does a very good job of explaining the basics of Kerberos. Chapter 5 is called "Kerberos in the Raw" and takes a OS independent look at the protocol. From the introduction of that chapter: "Before you begin the study of MS's implementation of the Kerberos standard, and certainly before you compare their implementation to those from other vendors, it is important to study the standard itself, uncooked -- in the raw. " And that's exactly what it does. ERX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Leong Tim Sent: Friday, September 20, 2002 3:00 PM To: [EMAIL PROTECTED] Subject: Books on kerberos What do you think is the best book I could get on kerberos? The only thing I could find is some 150 page piece of garbage. Any ideas? -Tim Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Erotik ürün ve video cd ler
Turkiye cag Atliyor. Tabulari Yikiyoruz .. Birbirinden ilginc 100 lerce Video CD Film, Her Zevke Uygun Aradiginiz Her cesit Anal, Oral, Vajinal, Fethis, Lezbiyen, Trans, cift cinsiyetli, Zencili, Aile ici, Hayvanli, VbBir cok cesit www.34gece.com.tr.tc www.34layla.com.tr.tc 1. sisme Bebek cesitleri. Birbirinden harika 3 islevli anal, oral, vajinal bebekler, Esmer, Sarisin, Kumral Size hicbir zaman hayir demeyecekler... 2. Vibrator cesitleri istediginiz boy ve ebatlarda pilli titresimli Gercegini hicbir zaman aratmayacak... 3. Realistik Penis cesitleri. Super realistik ten hassasiyetinde, gercek bir penisten beklediginiz herseyi size verir... 4. Suni Vajina cesitleri. Gercek bir vajinadan beklediginizden fazlasini alacaksiniz, tahmin edemeyeceginiz ozelliklere sahip... 5. Penis Buyutuculer. Sakin Komplekse girmeyin duzenli kullanimlarda 2cm. ile 4cm. arasinda uzunluk saglayabilirsiniz... 6. Uyandiricilar. Cinsel guc ve istek artirici, Uyarilmayi ve ereksiyonu kolaylastirici damlalar ve hap cesitleri... 7. Krem cesitleri Anal ve Vajinal Kayganlastirici, Geciktirici krem cesitleri... 8. Video CD. cesitleri ... www.34gece.com.tr.tc .. www.34layla.com.tr.tc ... Ve Son Olarak cok Yakinda Sadece Dogal Olan Naturel urun cesitleri ile Karsinizda olacagiz... Bekleyin... Yapmaniz Gereken Tek sey Arkaniza Yaslanin Ve Tiklayin www.34layla.com.tr.tc www.34gece.com.tr.tc Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos