Re: Books on kerberos
Hello Jason, I'm actually quite interested in reviewing any of your book. Currently I'm trying to implement Kerberos across all of our many platforms here. I've recently finshed Kerberizing over 170 machines with linux and solaris installed (mostly linux of different distros and versions). I can personally asstest to how difficult this was even though there seems to be a lot of guides on how to get things running there are very few sources telling you what could go wrong, and what to look for when you you get error messages. More often then not, when typed a error that Kerberos spit out into google, I got a web pages with list of possible kerberos errors (programmers guides I presume) which of course didn't help me at all. Some of the most recent problems I've come across are: I've opted to use a the MIT version of Kerberos that comes with Redhat 7.3 as my KDC, and on the solaris machines to use the SEAM Kerberos that comes with Solaris 8 and 9. Now everything installs fine, but for some reason I can login to some server eklogin and some server prompt me for a password. I'm not sure what the difference between the machines could be I've checked every file I can think of for differences. The funny thing is that I can rsh (encrypted) to all of these machines. I've been unable to find anything on the net about this problem. Secondly, we've have several windows 2000 and Win NT 4 servers that we want to kerberize. For some reason none of the very limited on-line guides seem to give sufficient information in the area that all the kerberos documentation lack, ie, if it doesn't work look for X. I've used the ksetup program, mapped the user to a new user I created on the KDC. However upon examination of the logs it seems that the machine is sending it's name as simple it's domain name with out the localhost name. I'm not sure why this is (as when I check the identification is identified with a hostname, ie, hostname.domainname.com) and I can't find any information on-line about this. Thirdly there seems to be lots of documentation about how to turn OS X machines into client machines (apparently putting the kr5.conf configuration in a mit.edu.Kerberos file), however there is very little information about how to get to (install) utilities like kadmin so that I can create principles and keys for these machines remotely, and how to start servers like eklogin krsh. I'll end my grievances with current documentation now, I hope I've given you some areas to explore if you haven't already come across similar problems. I think it really great that you are writting this book. It will be a much appreciated tome in the system engineers library, and I'm happy to help in any way I can. :) -- Roger Nathanial Ashby o o System Engineer o ___/|__ o (_/\_)oo o _/ \ /| o ___/|__ Thruport Technologies, Inc / @ \\\/ | o _/ \ /| 5440 Cherokee Ave. \_ ///\ | o / @ \\\/ | Alexandria, VA 22312 \___/ \| \_ ///\ | \___/ \| [EMAIL PROTECTED]http://www.thruport.com -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
RE: Books on kerberos
Besides the Kerberos RFCs (e.g., 1510) and the documentation to the MIT implementation (http://web.mit.edu/kerberos/www/krb5-1.2/index.html#documentation), the following are worth reading: 1. http://web.mit.edu/kerberos/www/dialogue.html 2. Kerberos section in William Stallings' Cryptography and Network Security (which is based on 1.) 3. Sun GSS-API Programming Guide (http://docs.sun.com/?p=/doc/816-1331a=load) Frank Eric Lee Steadle To: Leong Tim [EMAIL PROTECTED], [EMAIL PROTECTED] esteadle@spinnakcc: ernet.com Subject: RE: Books on kerberos Sent by: kerberos-admin@mi t.edu 09/20/2002 05:04 PM Please respond to esteadle Well, I read the same 150 piece of garbage you're probably referring to and I know what you mean. The book that I learned the most about Kerberos from was Windows 2000 Security by Roberta Bragg (New Riders Publishing). While this book is Windows oriented, it does a very good job of explaining the basics of Kerberos. Chapter 5 is called Kerberos in the Raw and takes a OS independent look at the protocol. From the introduction of that chapter: Before you begin the study of MS's implementation of the Kerberos standard, and certainly before you compare their implementation to those from other vendors, it is important to study the standard itself, uncooked -- in the raw. And that's exactly what it does. ERX -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Leong Tim Sent: Friday, September 20, 2002 3:00 PM To: [EMAIL PROTECTED] Subject: Books on kerberos What do you think is the best book I could get on kerberos? The only thing I could find is some 150 page piece of garbage. Any ideas? -Tim Do you Yahoo!? New DSL Internet Access from SBC Yahoo! -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
RE: Books on Kerberos
Hi, I am working in Kerberos from past 1 year. I am very happy to hear that you are writing a book specifically on Kerberos and interested to review the book. My mail-id is [EMAIL PROTECTED] Thanks Regards Sreedhar Gupta -Original Message- From: Jason Garman [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 8:09 PM To: Leong Tim Cc: [EMAIL PROTECTED] Subject: Re: Books on kerberos On Fri, Sep 20, 2002 at 11:59:54AM -0700, Leong Tim wrote: What do you think is the best book I could get on kerberos? The only thing I could find is some 150 page piece of garbage. Any ideas? I'm currently working on a Kerberos book for O'Reilly. I started the project precisely because I haven't seen any decent printed documentation on Kerberos. This book will cover the basic protocols, several implementations including MIT, Heimdal, and using Windows 2000 as a KDC. Also I'll cover cross-platform single-sign-on using Windows, Unix, and Mac OSX as client machines. I'll definately need reviewers (both technical reviewers and also reviewers in my target audience, sysadmins with little previous knowledge of Kerberos) in the future, so if you're interested please send me an email. Thanks -- Jason Garman / [EMAIL PROTECTED] Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos * Disclaimer: The information in this e-mail and any attachments is confidential / privileged. It is intended solely for the addressee or addressees. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer does not consent to Internet email for messages of this kind. * Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
On Fri, Sep 20, 2002 at 11:59:54AM -0700, Leong Tim wrote: What do you think is the best book I could get on kerberos? The only thing I could find is some 150 page piece of garbage. Any ideas? I'm currently working on a Kerberos book for O'Reilly. I started the project precisely because I haven't seen any decent printed documentation on Kerberos. This book will cover the basic protocols, several implementations including MIT, Heimdal, and using Windows 2000 as a KDC. Also I'll cover cross-platform single-sign-on using Windows, Unix, and Mac OSX as client machines. I'll definately need reviewers (both technical reviewers and also reviewers in my target audience, sysadmins with little previous knowledge of Kerberos) in the future, so if you're interested please send me an email. Thanks -- Jason Garman / [EMAIL PROTECTED] Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
See also Network Security: Private Communication in a Public World (2nd ed), by Charlie Kaufman, Radia Perlman, and Mike Speciner. Chapters 13 and 14 cover Kerberos versions 4 and 5 in around 60 pages or so. Naturally, they don't go into all the details of the protocol and the ways in which it can be used in that much space, but looking it over briefly (I only just got around to getting my copy now) I'd say it looks like they cover it rather well. Ken Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
I don't know if this one was mentioned yet, but there's also Kerberos: A Network Authentication System by Brian Tung (addison wesley) It's more of a booklet than a book, and it doens't go in to deep detail, but it does a good job as an intro to kerberos. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Ken Raeburn) writes: See also Network Security: Private Communication in a Public World (2nd ed), by Charlie Kaufman, Radia Perlman, and Mike Speciner. Chapters 13 and 14 cover Kerberos versions 4 and 5 in around 60 pages or so. Since people are mentioning chapters in books with a broader focus, I might as well mention my own latest: _Advanced Linux Networking_ (Addison-Wesley, 2002, ISBN 0-201-77423-2). Chapter 6 covers Kerberos in about 30 pages, focusing on Kerberos 5 (Kerberos 4 is mentioned, but not described in any detail). I've got a Web page on the book with a chapter listing and general description: http://www.rodsbooks.com/adv-net/ -- Rod Smith, [EMAIL PROTECTED] http://www.rodsbooks.com Author of books on Linux, networking, multi-OS configuration Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
Yes, this is the 60 page POS that the original posting was about. -- Steve. On Mon, 23 Sep 2002, John Rudd wrote: I don't know if this one was mentioned yet, but there's also Kerberos: A Network Authentication System by Brian Tung (addison wesley) It's more of a booklet than a book, and it doens't go in to deep detail, but it does a good job as an intro to kerberos. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
Re: Books on kerberos
I disagree that it's a POS. It's lacks depth, and it's certainly not the document that you should use to administrate your KDC, but it's not a bad intro to kerberos for people who have little to no experience with it, and are approaching it mostly from a user's perspective. On the otherhand, if you WERE expecting to be a definitive reference, the blame for your disappointment should be more internal than external. I certainly didn't find any more mistakes in it than I found in the actual MIT docs. From: Steve Freed [EMAIL PROTECTED] Yes, this is the 60 page POS that the original posting was about. On Mon, 23 Sep 2002, John Rudd wrote: I don't know if this one was mentioned yet, but there's also Kerberos: A Network Authentication System by Brian Tung (addison wesley) It's more of a booklet than a book, and it doens't go in to deep detail, but it does a good job as an intro to kerberos. Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
