Solved

what is "Kerberos Security" in Solaris 10 and when is it used?

Posted on 2006-06-19
2
612 Views
Last Modified: 2013-12-21
I am installing Solaris 10 for the first time and have no experience installing unix OSs. Only thing I am good at is following directions. I intend to install and reinstall until I am confident enough with its configuration that I can colocate the box. Thus, security is a major concern for me, including concerns regarding someone having physical access of the drives should the box ever get stolen (thus, encryption of the data drives is of great interest to me).

The box is a Sun E250 dual processor, 512 mb RAM, 6 18 gb hard drives, 2 power supplies.

While installing Solaris 10, I am prompted with the following:


Specify Yes if the system will use the Kerberos security mechanism.

        Specify No if this system will use standard UNIX security.
      
            Configure Kerberos Security
            [ ] Yes
            [X] No

What exactly is "Kerberos Security", what advantages are there to using it and not using it, and would it benefit a system that will eventually be colocated?
0
Comment
Question by:TJonLongIsland
2 Comments
 
LVL 10

Accepted Solution

by:
Nukfror earned 500 total points
ID: 16939017
For one definition look here:

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212437,00.html

Amont the pros of using Kerberos is better security in locking down your servers and services that user Kerberos.  One cons is Kerberos requires a highly-secure server that provides the tickets authorization and verification services (among other Kerberos tasks).  So to really get Kerberos working, you need to do LOTS of planning to make it work correctly.

If you're going to colo a server, I would suggest enabling IPFilter on Solaris 10 and using SSH.  If you want to get even more secure, then read about and utilize RBAC.


0
 

Author Comment

by:TJonLongIsland
ID: 16979492
I like your answer, and am about to close this question. I have a follow-up though, that I'll ask as a separate question.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now