Date of last modification:
Wed Feb 18 22:03:02 2015
Kerberos is an authentication and encryption protocol that allows you
to have secure connections over a public network. It was developed as
part of the Athena project of the MIT.
Details can be found at the Website of the Massachusets Institute of Technology:
SSH is perhaps in wider use, but Kerberos offers better security, IMHO.
IVT offers accurate support for Kerberos version 5 authentication and
The commercial version of IVT containing the
Kerberos/DCE functionality is available from
IVT is integrated with the DCE software from
During startup, IVT will detect such an environment and will use the
DCE32.DLL to access the DCE environment and obtain the location of the
It will generate a KRB5.INI file with the proper settings for
the (pure) Kerberos code to find and use.
The upshot of this is that you can install IVT in a Gradient DCE environment
and have instant integration: the credentials obtained during login
of your workstation will be used to authenticate against Kerberized
In environments without Gradient installed, you will have to supply
the KRB5.INI file yourself and use the
from my website to do the initial login. The current release of that kit
is based on release 1.6.3 of the MIT Kerberos code.
Perhaps even more important is the integration with Microsoft Active Directory.
Windows started using Kerberos as the underlying security protocol in Windows 2000.
For a change, Microsoft did not violate the RFC's - the Windows implementation can
work together with MIT Kerberos.
This means that you can obtain credentials from an AD domain that are valid
for MIT Kerberos servers, such as Kerberized telnet and Kerberized FTP servers.
Some of the most important advantages:
The Dutch Tax Office uses IVT and FileZilla in their network of 500 Unix machines (a mix of HP-UX and AIX) to
do remote, secure administration. File transfer between Unix machines is based on Kerberized rcp (remote copy)
and kftp (Kerberized File Transfer Protocol).
The X-windows tunneling supported by IVT even
provides secure X-windows. Credential forwarding (as supported by IVT) allows administrators
to use ktelnet on Unix (Kerberized telnet) from one Unix machine to another without reauthentication.
All this proves that the technology works in demanding environments to do real work in.