G+_Jason Perry, posted March 27, 2017:
There have been enough networking people around here lately that I thought I would see if I can get clarification on something. What is the difference between Kerberos and RADIUS? And how do they fit with Samba and LDAP? I had a good grasp on how I thought everything worked together until I learned about Kerberos.

G+_Ben Reese, posted March 27, 2017:
I could be wrong, but I believe Kerberos is Microsoft-related and RADIUS is Linux. I've no experience with RADIUS and have only seen Kerberos in relation to authentication on Microsoft networks.

G+_Jason Perry (Author), posted March 28, 2017:
I have been looking at this and what it seems like to me, at least for the difference between Kerberos and RADIUS, is that RADIUS is used more for external clients to be authenticated onto a network and Kerberos is ongoing two-sided authentication for devices currently on the network.

G+_Ben Reese, posted March 28, 2017:
Jason Perry, typically when I see RADIUS, it's in relation to wifi authentication. I assume it's used for more than that, but I just haven't looked into it much. Kerberos I looked into a little several years ago because it got in my way with some Linked Servers in SQL Server. (Windows/Kerberos will only authenticate you to the first server - one hop, and not to the second/linked server - two hops. Exception being if the first server is granted impersonation rights in Active Directory...) I'd love to hear from a network admin who's dealt with these though... And I guess now I have to go do more research on RADIUS lol.

G+_Ben Tyger, posted March 28, 2017:
RADIUS is more about transient access authentication and network connection setup. That comes from its dial-up days. It is designed more for a one-time test of authentication. Kerberos is more about authenticating once and then trusting a token provided by that authentication that can be tested at multiple trusted locations. Also there is Kerberos constrained delegation, which allows a trusted server/device to act on behalf of a Kerberos-authenticated user. This is often used in remote access situations because Kerberos is not meant to be run in a public network.

G+_Ben Tyger, posted March 28, 2017:
Both Kerberos and RADIUS are used in multiple types of network environments (MS/*nix/*bsd/Apple).