What is Kerberos?

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network --- and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under copyright permissions very similar to those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.

Reposted from my.oschina.net/hengbao666/blog/1633482