BKKRBSDG.RVW 20031018 "Kerberos: The Definitive Guide", Jason Garman, 2003, 0-596-00403-6, U$34.95/C$54.95 %A Jason Garman %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2003 %G 0-596-00403-6 %I O'Reilly & Associates, Inc. %O U$34.95/C$54.95 800-998-9938 fax: 707-829-0104 nuts@ora.com %O http://www.amazon.com/exec/obidos/ASIN/0596004036/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0596004036/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0596004036/robsladesin03-20 %P 253 p. %T "Kerberos: The Definitive Guide" Kerberos is not flashy, but it is a venerable and mature technology. Yes, it has limited scalability, but most of the "successful" PKI (Public Key Infrastructure) projects are small enough that they could easily have been accomplished with Kerberos technology: an eminently elegant solution to the problem of communicating and authenticating over any channel that is, or must be, assumed to be insecure. Chapter one provides a history, base concepts, and variants of Kerberos. Terms and components are given in chapter two. The Needham-Schroeder work, and the idea of ticket-granting, is in chapter three. Implementation, in chapter four, reviews design, UNIX and Windows servers, and special considerations for a mixed environment. The troubleshooting chapter, five, for once comes early enough in a book to be of use. Security aspects external to Kerberos, and specific settings for different implementations, are covered in chapter six. Chapter seven looks at some generic support for applications, as well as some specific programs that already have Kerberos support built in. Cross realm trust is one of the advanced topics, but most of chapter eight concentrates on special requirements for Windows. Chapter nine is a kind of review of the book, involving the various topics that have been discussed in a sample Kerberos installation. Chapter ten looks at the future of Kerberos, with possible public key additions, Web applications, and smartcards. An appendix contains an administrative command list. While Kerberos may not be as highly regarded as the more mathematically complex asymmetric cryptographic systems, it still have many uses, and this book provides the outline, background, and details to help you take full advantage of them. copyright Robert M. Slade, 2003 BKKRBSDG.RVW 20031018