Table of Contents
Strong Authentication – System Design and Deployment
Outline
URL
Requirements,�Goals,�Scope
Why Stronger Authentication?
Requirements
Requirements
Requirements
Project Goals
Project Scope
Components and Methods
Four Realms
Kerberos
Kerberos Keys
Kerberos KDC
Kerberos Tickets
Overall Schematic
Kerberos-Secured Access
Cross-Authenticated Access
Access through Portal
Remote Access with Kerberos
Remote Access without Kerberos
Kerberos protection for non-Kerberized systems
Technical Factors
Kerberos Key Servers
Application Servers
AFS Integration
Enforcing Password Security
Attacks on Kerberos
Why not ssh?
Illusory Security
Portal Realm
Portal Realm Features
Portal Realm Features
Portal Realm Features
Human Factors
How to “get Kerberized”...
Users’ View - with Kerberos
Users’ View - w/o Kerberos
Users’ View - Portal Realm
Sysadmins’ View
Sysadmins’ View (2)
Account Administration
For Developers
Deployment
Pilot Project
Limited Production
Critical Systems
Fin...
|
Author: Matt Crawford
Email: crawdad@fnal.gov
Home Page: http://www.fnal.gov/cd/security/
|