Part 08 – SSO and Kerberos

In this section we examine single sign-on, the pros and cons associated with it, and a standard that implements it called Kerberos. Kelly presents a wonderful "carnival" analogy for Kerberos that is very helpful in understanding its operation!

The challenge facing any large organization is how to manage user accounts securely. In peer-to-peer networking situations, it's a chore to create and disable multiple user accounts without any centralized means. A solution is to move to a client/server architecture or the implementation of a domain controller. Several standards for this are LDAP (which is used by Active Directory), SESAME, KryptoKnight, and Kerberos.

We next discuss the pros and cons of single sign-on. Pros consist of ease of use for end users, centralized control, and ease of administration. On the flip side, cons consist of a single point of failure, the necessity for standards, and, with convenience, potentially giving away the "keys to the kingdom."

Kerberos is covered next. It is a standard that has been around for a long time and was originally developed by MIT. It uses symmetric cryptography, and its core security feature is that it never puts passwords on the network. This is vital for preventing replay attacks.

Kelly then presents her carnival analogy to explain the inner workings of Kerberos. Concepts such as the realm, wrist bands, and ride tickets are presented. You should find this way of viewing things very helpful in understanding Kerberos! Finally, concerns and weaknesses with Kerberos are discussed, and though Kerberos is not perfect, it's still a pretty good solution for single sign-on.