Manage this page

1. Back to OSCON 2005 notes

2. Feedback

3. Display

Satya - Monday, August 01, 2005 9:09:16 AM

Kerberos

Authenticates a user by any means or various means and gives a ticket. This ticket goes around

Satya - Monday, August 01, 2005 9:20:08 AM

User/Service communication

User wants to talk to service
User sends the details kdc
The details is locked and sent
kdc sends a locked box with server details to back to user
user sends that box to server
Both have session keys
They can talk to each other

annonymous - Monday, August 01, 2005 9:23:01 AM

Explain the double lock puzzle

Write this puzzle down

annonymous - Monday, August 01, 2005 9:25:16 AM

Session keys

Each conversation takes place in its own session.

annonymous - Monday, August 01, 2005 9:34:06 AM

GSSAPI

Does it have language bindings. There is a kerberos plugin for it

annonymous - Monday, August 01, 2005 9:39:52 AM

LDAp

Optimized for reads
Can use relational backends
openldap open source implementation
runs on linux
Secure authentication

Satya - Monday, August 01, 2005 9:41:49 AM

sasl

Simple authentication and security layer
Carnegie mellon
ldap supports sasl

Satya - Monday, August 01, 2005 9:50:11 AM

SSL and TLS

Netscape ldap going open source
tls is replacing ssl gradually

Satya - Monday, August 01, 2005 9:56:34 AM

Active directory

combination of ldap and kerberos
kerberos has built in replay attack safety
Authorization is integrated into ticketing

Satya - Monday, August 01, 2005 9:59:43 AM

Samba

provides file sharing for windows clients on unix boxes