Concepts: Chapter 3 (?)

The text does not present a chapter on Kerberos, but the Red Hat online documentation site does. Follow this link to find its chapter 3, Using Kerberos. Most of you should already know that Kerberos is an authentication protocol. As the Red Hat text explains, it is typically used at login to authenticate a user to a server with encryption, so that the password never crosses the network in a form an eavesdropper could reuse. The first page of the lesson sells the concept several times. It points out that the standard Linux authentication system sends passwords across the network without encryption, which is a less than secure solution for anything larger than a single machine. It explains that Kerberos uses symmetric encryption, which means that the same key is used by both parties in a transaction; the keys are handed to the parties by a trusted third party rather than sent in the clear, which is what the text means by secure key distribution. The lesson provides a graphic to illustrate the Kerberos process and introduces the term realm, defined as the computers managed by a Key Distribution Center (KDC), together with the master KDC itself and any secondary KDCs. In that graphic, the user and computer stand for any number of users and computers, and the KDC stands for as many KDCs as the realm needs.
The process above also puts a timestamp on each transmission. The receiving service rejects a message whose timestamp is too far from its own clock, and one it has already seen, so an attacker who records a legitimate exchange cannot simply play it back later. The practical consequence is that every machine in the realm must keep its clock synchronized, or legitimate logins start failing as well. Services on the network must support Kerberos authentication, or some other method that is secure; a service that still asks for a password over an unencrypted connection gives that password away, and the benefit of Kerberos is lost for that service. Separate but matching packages must be installed on the servers and clients in the network to enable Kerberos. In the illustration in the text, the admin is installing krb5-server, krb5-workstation, and krb5-libs. Note that an additional package must be installed to allow the use of smart cards. The rest of the text assumes this implementation of Kerberos (the krb5 packages). Be aware that other implementations and version numbers are used by HP and Sun, and that other versions of Kerberos have existed and will exist in the future.

Installing the Master KDC server:
The text provides procedures for creating secondary KDC servers, which will not be practical in our lab. Installing the Client:
The text states that the three steps above are all that you need to do to get a client ready. This is evidently not so, since the instructions continue for another five steps, which include creating a principal for each client in the KDC database with a randomly generated key and getting that key onto the client (its keytab). You may be observing at this point that this is not a quick and easy process, nor is it very automated. Each client added requires editing the database on the server, so make sure you want to do this before you start.
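The realm, KDC, symmetric keys and timestamps described in the concept section, and the per-client random key from the client steps above, as one runnable model. This is an added example written for these notes; it is not code from the Red Hat text or from MIT Kerberos, and it is no substitute for the real packages. It keeps the shape of the protocol (a KDC that alone holds every principal's key, a ticket the client cannot read, a session key, a timestamped authenticator, a replay cache) but stands in for the real encryption types with a toy SHA-256 keystream plus an HMAC tag, and it leaves out the TGS exchange and ticket lifetimes. The realm EXAMPLE.COM, the user alice and the host principal host/ws1.example.com are assumed names. The part worth reading is Service.accept(): the same captured request sent a second time is refused as a replay, and an authenticator an hour old is refused for clock skew.

```python
# Toy model of the Kerberos AS exchange and the timestamped authenticator check.
# Added example, not code from the Red Hat text or MIT Kerberos: a SHA-256 keystream
# plus HMAC tag stands in for the real encryption types, and the TGS step is omitted.
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"   # assumed realm name
MAX_SKEW = 300          # seconds of clock skew tolerated (MIT krb5's default)

def string_to_key(password, principal):
    """Derive a principal's long-term key from its password (toy stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (principal + REALM).encode(), 10000)

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object; returns nonce||ct||tag."""
    nonce, plaintext = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def toy_decrypt(key, blob):
    """Verify the tag, then decrypt; a wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("bad key or tampered ciphertext")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Master KDC of the realm: the only party that holds every principal's key."""
    def __init__(self):
        self.db = {}

    def add_principal(self, name, password=None):
        # A user principal gets a password-derived key; a host/service principal gets a
        # random key that is then copied to that machine's keytab (addprinc -randkey, ktadd).
        self.db[name] = string_to_key(password, name) if password else os.urandom(32)
        return self.db[name]

    def as_exchange(self, as_req, now):
        """AS-REQ -> AS-REP: ticket under the service's key, session key under the client's."""
        client, service = as_req["client"], as_req["service"]
        session_key = os.urandom(32).hex()   # hex so it survives JSON
        ticket = toy_encrypt(self.db[service], {"client": client, "session_key": session_key, "issued": now})
        enc_part = toy_encrypt(self.db[client], {"service": service, "session_key": session_key})
        return {"ticket": ticket.hex(), "enc_part": enc_part.hex()}

def client_as_request(kdc, client, password, service, now):
    """Client side: only the right password opens enc_part, so a wrong password fails
    (ValueError) without the password ever crossing the network."""
    rep = kdc.as_exchange({"client": client, "service": service}, now)
    enc = toy_decrypt(string_to_key(password, client), bytes.fromhex(rep["enc_part"]))
    return rep["ticket"], enc["session_key"]

def build_ap_req(ticket_hex, session_key_hex, client, now):
    """AP-REQ: the ticket plus an authenticator (client name + timestamp) under the session key."""
    auth = toy_encrypt(bytes.fromhex(session_key_hex), {"client": client, "timestamp": now})
    return {"ticket": ticket_hex, "authenticator": auth.hex()}

class Service:
    """A Kerberised service holding its own key (its keytab on a real host)."""
    def __init__(self, key):
        self.key, self.replay_cache = key, set()   # cache of authenticators already accepted

    def accept(self, ap_req, now):
        ticket = toy_decrypt(self.key, bytes.fromhex(ap_req["ticket"]))
        auth = toy_decrypt(bytes.fromhex(ticket["session_key"]), bytes.fromhex(ap_req["authenticator"]))
        if auth["client"] != ticket["client"]:
            return False, "authenticator does not match ticket"
        if abs(now - auth["timestamp"]) > MAX_SKEW:     # stale (or future-dated) authenticator
            return False, "clock skew too great"
        if ap_req["authenticator"] in self.replay_cache:   # captured earlier and resent
            return False, "replay"
        self.replay_cache.add(ap_req["authenticator"])
        return True, auth["client"]

def demo(now=None):
    """One login, then the same AP-REQ resent, then an authenticator an hour old."""
    now = int(time.time()) if now is None else now
    kdc = KDC()
    kdc.add_principal("alice", "correct horse battery")       # assumed user principal
    host_key = kdc.add_principal("host/ws1.example.com")      # assumed client host, random key
    ws1 = Service(host_key)
    ticket, session_key = client_as_request(kdc, "alice", "correct horse battery", "host/ws1.example.com", now)
    ap_req = build_ap_req(ticket, session_key, "alice", now)
    fresh = ws1.accept(ap_req, now + 1)
    replayed = ws1.accept(ap_req, now + 2)
    stale = ws1.accept(build_ap_req(ticket, session_key, "alice", now - 3600), now)
    return fresh, replayed, stale
```

Calling demo() returns (True, 'alice') for the first login, (False, 'replay') for the resent request and (False, 'clock skew too great') for the old one. Two things carry over to the real system: the service never sees a password, only a ticket it can open with its own key, and the skew check is why the Red Hat text insists on synchronized clocks across the realm. The replay cache here is an in-memory set; MIT Kerberos keeps one on disk, and it is just as necessary there.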