Why use Kerberos?

Kerberos is an enterprise-level authentication tool. (Note that there is a difference between authentication and authorisation.)
Unfortunately, "enterprise" also tends to mean "horribly complex".
Kerberos is getting easier to use as it becomes more integrated into operating systems, but it's still in the "hard" basket.

Kerberos is a good way to make security-aware applications (potentially) work seamlessly. NFSv4 is a good example of this.
See my notes, "Why NFSv4 UID mapping breaks with AUTH_UNIX".
