Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Use case for Implementing Kerberos

Labels:
avatar
author-rank kums
Expert Contributor

Created ‎12-20-2016 01:00 PM

Our current environment is working with SSH authentication and there is a push to use Kerberos.

Could someone explain what are the flaws with SSH authentication and what are the use cases for Kerberos Implementation

1,876 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank clukasik
Super Collaborator

Created ‎12-20-2016 01:17 PM

One key benefit is that passwords or keys are sent across the network as infrequently as possible with Kerberos. With SSH either passwords are being transmitted or you are persisting files with secret keys, both of which have concerns for security. This article does a great job comparing and contrasting SSH and Kerberos: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm

"When a user identifies herself to the Kerberos system, the identifying program (kinit) uses her password for an exchange with the KDC, then immediately erases it, never having sent it over the network in any form nor stored it on disk."

View solution in original post

1,320 Views
1 REPLY 1

avatar
author-rank clukasik
Super Collaborator

Created ‎12-20-2016 01:17 PM

One key benefit is that passwords or keys are sent across the network as infrequently as possible with Kerberos. With SSH either passwords are being transmitted or you are persisting files with secret keys, both of which have concerns for security. This article does a great job comparing and contrasting SSH and Kerberos: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm

"When a user identifies herself to the Kerberos system, the identifying program (kinit) uses her password for an exchange with the KDC, then immediately erases it, never having sent it over the network in any form nor stored it on disk."

1,321 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements