÷ƒ’À;è TeX output 2008.07.09:2309‹'ÿÿÿÿ‘·ºâŸ·ºâò«! /DvipsToPDF { 72.27 mul Resolution div } def /PDFToDvips { 72.27 div Resolution mul } def /HyperBorder { 1 PDFToDvips } def /H.V {pdf@hoff pdf@voff null} def /H.B {/Rect[pdf@llx pdf@lly pdf@urx pdf@ury]} def /H.S { currentpoint HyperBorder add /pdf@lly exch def dup DvipsToPDF /pdf@hoff exch def HyperBorder sub /pdf@llx exch def } def /H.L { 2 sub dup /HyperBasePt exch def PDFToDvips /HyperBaseDvips exch def currentpoint HyperBaseDvips sub /pdf@ury exch def /pdf@urx exch def } def /H.A { H.L currentpoint exch pop vsize 72 sub exch DvipsToPDF HyperBasePt sub sub /pdf@voff exch def } def /H.R { currentpoint HyperBorder sub /pdf@ury exch def HyperBorder add /pdf@urx exch def currentpoint exch pop vsize 72 sub exch DvipsToPDF sub /pdf@voff exch def } def systemdict /pdfmark known { userdict /?pdfmark systemdict /exec get put }{ userdict /?pdfmark systemdict /pop get put userdict /pdfmark systemdict /cleartomark get put } ifelse ïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if endï˜ps:SDict begin [ /Producer (dvips + Distiller) /Title () /Subject () /Creator (LaTeX with hyperref package) /Author () /Keywords () /DOCINFO pdfmark end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.1) cvn H.B /DEST pdfmark endï color popŽ’Ôï color popŽŽ { þ€—‘H ÿhêïSps:SDict begin [ /Page 1 /View [ /Fit ] /PageMode /UseOutlines /DOCVIEW pdfmark endï1ps:SDict begin [ {Catalog} << >> /PUT pdfmark endïps:SDict begin H.S endïps:SDict begin 12 H.A endïMps:SDict begin [ /View [/XYZ H.V] /Dest (Doc-Start) cvn H.B /DEST pdfmark endïpapersize=0.0pt,0.0ptïps:SDict begin H.S endïps:SDict begin 12 H.A endïGps:SDict begin [ /View [/XYZ H.V] /Dest (0:0) cvn H.B /DEST pdfmark endŸ&ñ‘Essóúâ phvb8tÂK ƒerber€¡os–êÏInfrastructure“HO‘þÁWT‘ÿBOŽŸ!C–’Àè,óúG® phvb8tÃV‘ýí..–ͽAle½°x“BrennenŽ¤’ψÑóú phvb8tÄv“ab@cr·yptnet.netŽ¡Ÿ ’ãPý2004-05-29ŽŸõÑ0Diario–Uüdelle“ReÑóvisioniŽŸ¦aïps:SDict begin H.S endïps:SDict begin 0 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (table.1) cvn H.B /DEST pdfmark endŸÿþ‘0óáÚŽ phvr8tÅRe³7visione‘ǧ2.0.0Ž‘w„2004-05-28Ž’¬Â4Re³7visionato–ǧda:“V‘ÿ37ABŽŽ¤ 4u‘0ConÌÐvÀersion–ǧto“DocBook“XML.“Generšægal“Content“UpdatesÙ ,“including“incorLÈpor˜ation“of“T‘þÌÐechnical“and“Metadata/Mar&_kup“Re³7vieÌÐwsÙ .ŽŽŸ 9–‘0Re³7visione‘ǧ1.0.3Ž‘w„2003-04-01Ž’¬Â4Re³7visionato–ǧda:“V‘ÿ37ABŽŽ¡‘0Minor–ǧUpdatesšÙ ,“Minor“Corrections˜,“Additional“links“added.ŽŽ© Ú‘0Re³7visione‘ǧ1.0.2Ž‘w„2002-09-13Ž’¬Â4Re³7visionato–ǧda:“V‘ÿ37ABŽŽ¡‘0Minor–ǧUpdatesšÙ ,“Minor“Corrections˜,“Added“8.6,“Additional“links“added.ŽŽ¦‘0Re³7visione‘ǧ1.0.1Ž‘w„2002-07-15Ž’¬Â4Re³7visionato–ǧda:“V‘ÿ37ABŽŽ¡‘0Minor–ǧUpdatesšÙ ,“Fix³7es˜.ŽŽ¦‘0Re³7visione‘ǧ1.0.0Ž‘w„2002-06-13Ž’¬Â4Re³7visionato–ǧda:“V‘ÿ37ABŽŽ¡‘0Initial‘ǧReleaseÙ .ŽŽŽŸ*÷ ’‰€ó?Á|‰ ptmr8tÁQuesto–€documento“descrišÀvÙ e“il“progetto“e“la“congurazione“di“una“infrastruttura“K˜erberos“per“laŽ¤ ’‰€gestione–€dell'autenticazione“su“GNU/Linux.“Illustra“in“dettaglio“i“passi“da“seÙ guire,“secondo“leŽ¡’‰€bÌÐuone–€prassi,“per“installare“un“servÙ er“o“un“softwægare“basato“su“KÀerberos“e“per“eettuare“laŽ¡’‰€con™ŸvÙ ersione–€dei“sistemi“preesistenti;“risponde“inoltre“alle“domande“pi€ù“frequenti.Ž¤!’‰€T¦graduzione–€di“Lorenzo“V‘þã×aina“óϯ8 ptmri8tÆwork“[at]“vaina“[dot]“itŽ¡’‰€ÁReÀvisione–€della“traduzione“a“cura“di“Marco“Curreli“Æmar•¡Gcocurr“eli–€[at]“tiscali“[dot]“itŽŸ@Ÿ‘Mïps:SDict begin H.S endïps:SDict begin 13 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0:about) cvn H.B /DEST pdfmark endŽŸ-lŒ‘HÃ1.–ͽA“pr§Œoposito“di“questo“documentoïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.1.1) cvn H.B /DEST pdfmark endŽ‘HŸ“­ïps:SDict begin H.S endïps:SDict begin 13 H.A endïMps:SDict begin [ /View [/XYZ H.V] /Dest (0:general) cvn H.B /DEST pdfmark endŸ#ñr‘0óúff phvb8tÇ1.1.–ÈInf¶Jormazioni“g$Ûeneraliïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.1.1.2) cvn H.B /DEST pdfmark endŽŸ41ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:54) cvn H.B /DEST pdfmark endŸ ËÏ‘0ÁCopægyright–€(c)“2002-2004“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:55) cvn H.B /DEST pdfmark endV‘þµÇ.“AleÙ x“Brennen“(http://cryptnet.net/people/vÀab/)“(ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:56) cvn H.B /DEST pdfmark endV‘þ¦gABŽŸ ‘0(http://cryptnet.net/people/vÀab/)).ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:57) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Questo–€documento“appartiene“al“pubblico“dominio.ŽŽŸ0‘Hïcolor push Blackïps:SDict begin H.S endïps:SDict begin 13 H.A endïRps:SDict begin [ /View [/XYZ H.V] /Dest (0:translations) cvn H.B /DEST pdfmark endŸfd’ÏÆ1ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'*‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.2) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:58) cvn H.B /DEST pdfmark endŸ ‘0ÁQuesto–€documento“€è“pubblicato“all'indirizzo:Ž© ‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:59) cvn H.B /DEST pdfmark endhttp://cryptnet.net/fdp/admin/k•ægerby-infra/en/k“erby-infra.htmlŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïRps:SDict begin [ /View [/XYZ H.V] /Dest (0:translations) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç1.2.‘ÈT‘þÙraduzioniïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.1.2.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:62) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁAl–€momento“questo“documento“€è“disponibile“nelle“seÙ guenti“lingue:Ž¤*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:63) cvn H.B /DEST pdfmark endŸ@ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:64) cvn H.B /DEST pdfmark endŸÈ‘0ïcolor push BlackóXlï' ptmr8cÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:65) cvn H.B /DEST pdfmark endÁ[ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:66) cvn H.B /DEST pdfmark enden›€(http://cryptnet.net/fdp/admin/k•ægerby-infra/en/k“erby-infra.html)]˜EnglishŽ¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:67) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:68) cvn H.B /DEST pdfmark endÁ[ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:69) cvn H.B /DEST pdfmark endit–€(http://www‘ÿY .pluto.it/ildp/hoÀwto/kægerberos-infrastructure)]“ItalianoŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:70) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Se–€conoscete“una“traduzione“o“intendete“tradurlo“in“un'altra“lingua“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:71) cvn H.B /DEST pdfmark endinformatemiŽ¦‘0(mailto:vÀab@cryptnet.net)–€in“modo“che“io“possa“distribÌÐuire“la“traduzione“o“riferirla“con“un“link.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïMps:SDict begin [ /View [/XYZ H.V] /Dest (0:credits) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç1.3.–ÈContrib¶Juti“e“ringraziamentiïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.1.3.2) cvn H.B /DEST pdfmark endŽŸ41ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:74) cvn H.B /DEST pdfmark endŸáHïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:75) cvn H.B /DEST pdfmark endŸ­‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:76) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:77) cvn H.B /DEST pdfmark endÁV‘þµÇ.–€AleÙ x“Brennen“(http://cryptnet.net/people/všÀab/)“(ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:78) cvn H.B /DEST pdfmark endV‘þ¦gAB“(http://cryptnet.net/people/v˜ab/))“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:79) cvn H.B /DEST pdfmark end<ó‰š pcrr8tÊvab‘ff(at)Ž¦‘:cryptnet.netÁ>–€(Autore“principale)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:80) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:81) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:82) cvn H.B /DEST pdfmark endÁNickšægolai–€ZeldoÙ vich“(http://k˜olya.net/)“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:83) cvn H.B /DEST pdfmark end<Êkolya–ff(at)“zepa.netÁ>–€(Suggerimenti“e“correzioniŽ¦‘:tecniche)ŽŸÊ8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:feedback) cvn H.B /DEST pdfmark endŸ%ºç‘0Ç1.4.‘ÈFeedbac¶Jkïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.1.4.2) cvn H.B /DEST pdfmark endŽ¤.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:86) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁPer›€fæga•ÌÐv“ore˜in™Ÿviate˜le˜v“ostre˜aggiunte,˜commenti,˜correzioni˜e˜critiche˜a˜questo˜indirizzo˜di˜postaŽ¦‘0elettronica:‘€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:87) cvn H.B /DEST pdfmark end<Êvab@cryptnet.netÁ>.ŽŸ ¢Ìïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:overview) cvn H.B /DEST pdfmark endŸ, ÀÃ2.–ͽUna“vista“di“insieme“dell'infrastruttura“di“K½°erber§Œosïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.2.1) cvn H.B /DEST pdfmark endŽž7Eïps:SDict begin H.S endïps:SDict begin 13 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0:intro) cvn H.B /DEST pdfmark endŸ'MÚ‘0Ç2.1.–ÈIntrš¶Joduzione“a“KȽerber˜osïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.2.5.2) cvn H.B /DEST pdfmark endŽ¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:92) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁKšÀerberos–€€è“un“sistema“di“autenticazione“sviluppato“dal“MIT“nell'ambito“del“progetto“Athena.“K˜erberosŽ¦‘0usa–€la“crittograa“e“una“terza“parte“data,“un“arbitro,“per“eseÙ guire“l'autenticazione“in“maniera“sicuraŽ¦‘0attraÌÐvÙ erso–€una“rete“non“sicura.“In“particolare“KšÀerberos“usa“dei“tickæget“cifrati“per“e˜vitare“di“trasmettere“leŽ¦‘0passwægord–d¶come“testo“in“chiaro›d·attraÌÐvÙ erso“la“rete;“KÀerberos“si“basa“sul“protocollo˜di“Needham“e“Schroeder‘ÿs8.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:93) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Adesso–€sono“in“uso“due“všÙ ersioni“di“kægerberos:“la“4“e“la“5.“Le“v˜ersioni“dalla“1“alla“3“erano“v˜ersioni“interneŽ¦‘0di–€sviluppo“e“non“sono“mai“state“pubblicate;“la“všÙ ersione“4“ha“alcune“lacune“di“sicurezza“a“non“do˜vrebbeŽ¦‘0pi€ù–€essere“usata.“Questo“documento“tratta“soltanto“di“KÀerberos“5,“denito“nel“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:94) cvn H.B /DEST pdfmark endRFC1510Ž¦‘0(http://cryptnet.net/mirrors/rfcs/rfc1510.txt).ŽŽŸ0‘Hïcolor push Black’ÏÆ2ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'ç‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.3) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:95) cvn H.B /DEST pdfmark endŸ ‘0ÁLa–€locuzione“Infrastruttura“KÀerberos“si“riferisce“alla“congurazione“del“softwægare,“del“servÙ er“e“del“clientŽ¤ ‘0che–€permettono“a“un“amministratore“di“usare“il“protocollo“KÀerberos“per“realizzare“l'autenticazione“sullaŽ¡‘0rete.–€Precisamente,“l'infrastruttura“kšægerberos“consiste“nel“softw˜are“KÀerberos“stesso,“in“alcuni“servÙ er“diŽ¡‘0autenticazione–€ridondanti“posti“in“sicurezza,“in“un“deposito“centralizzato“di“account“e“passwægord“e“neiŽ¡‘0sistemi–€congurati“per“usare“KÀerberos“come“protocollo“di“autenticazione.“Questo“documento“permetter€àŽ¡‘0di–€apprendere“i“passi“necessari“per“installare,“congurare“e“distribÌÐuire“una“tale“infrastruttura.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:benefits) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç2.2.–ÈI“beneci“di“KȽerber¶Josïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.2.6.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:98) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁChi–€non“ha“condenza“col“protocollo“kægerberos“potrebbe“non“aÌÐvÙ er“chiaro“quali“siano“i“beneci“cheŽ¡‘0comporta–€distribÌÐuirlo“sulla“rete;“comunque“tutti“gli“amministratori“hanno“condenza“con“i“problemi“cheŽ¡‘0KÀerberos–€doÙ vrebbe“mitigó7are.“Alcuni“di“questi“problemi“sono“l'intercettazione“della“passwægord“in“transitoŽ¡‘0sulla–€rete“(sning),“la“lettura“abÌÐusi•Àv“a–€del“le“o“del“database“delle“passwægord“(stealing),“e“gli“sforzi“che“siŽ¡‘0dešÀvÌÐono–€sostenere“per“mantenere“un“v˜asto“numero“di“database“deÙ gli“account.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïHps:SDict begin [ /View [/XYZ H.V] /Dest (0:99) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Un'–€infrastruttura“kægerberos“distribšÌÐuita“in“modo“appropriato“costituisce“un“b˜uon“punto“di“partenza“per“laŽ¡‘0soluzione–€dei“problemi“cui“si“€è“accennato“e“aumenta“la“sicurezza“dell'orÑðgó7anizzazione.“L‘ÿ'uso“di“KÀerberosŽ¡‘0eÀvita–€che“le“passwægord“siano“trasmesse“in“chiaro“sulla“rete;“inoltre“il“sistema“centralizza“le“informazioniŽ¡‘0sulle–€credenziali“semplicandone“la“gestione“e“la“manutenzione.“Inne“l'utilizzo“di“KšÀerberos“e˜vita“diŽ¡‘0do•Ù v“er–€conservÀare“le“passwægord“localmente“sulla“macchina,“riducendo“la“probabilit€à“che“laŽ¡‘0compromissione–€di“una“singola“macchina“comporti“ulteriori“violazioni.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:100) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Riassumendo,–€in“una“grande“impresa“i“beneci“di“KšÀerberos“si“traduranno“in“minori“costi“amministrati˜viŽ¡‘0attrašÌÐvÙ erso–€una“gestione“pi€ù“semplice“di“account“e“passwægord“e“attra˜vÙ erso“il“miglioramento“nella“sicurezzaŽ¡‘0della–€rete.“In“un“ambiente“pi€ù“piccolo“i“beneci“pi€ù“eÀvidenti“sono“costituiti“dalla“scalabilit€àŽ¡‘0dell'infrastruttura–€di“autenticazione“e“dal“miglioramento“della“sicurezza“della“rete.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïPps:SDict begin [ /View [/XYZ H.V] /Dest (0:howitworks) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç2.3.–ÈCome“funziona“KȽerber¶Josïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.2.7.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:103) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁIl–€protocollo“di“autenticazione“KšÀerberos“usa“un“seÙ greto“condi˜viso“e“una“terza“parte“data,“con“ruolo“diŽ¡‘0arbitro,–nUper›nTcon™ŸvÀalidare“l'identit€à“dei˜client,“che“possono˜essere“utenti,“servÙ er˜o“programmi.“La˜terza“parteŽ¡‘0data–€€è“un“servšÙ er“chiamato“KÀe˜y“DistribÌÐution“Center“(KDC)“che“ese˜gue“i“d€èmoni“KÀerberos.“Il“se˜gretoŽ¡‘0condiÀviso–€€è“la“passwægord“dell'utente“trasformata“in“chiaÌÐvšÙ e“crittograca;“per“i“serv˜er“e“i“sistemi“softwægare“€èŽ¡‘0generata–€una“chiaÌÐvÙ e“casuale.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:104) cvn H.B /DEST pdfmark endŸ ÕÈ‘0In–€KšÀerberos“gli“utenti“sono“detti“"principal";“il“KDC“conserv˜a“un“database“dei“principal“e“delle“chiaÌÐviŽ¡‘0sešÙ grete–€che“essi“usano“per“autenticarsi.“In“KÀerberos“la“conoscenza“della“chiaÌÐv˜e“se˜greta“€è“considerata“unaŽ¡‘0všÀalida–€dimostrazione“di“identit€à,“perci€ò“il“servÙ er“K˜erberos“€è“adabile“per“autenticare“ogni“client“neiŽ¡‘0confronti–€di“ogni“altro“client.“Con“KÀerberos“l'autenticazione“€è“ottentuta“senza“trasmettere“alcunaŽ¡‘0passwægord–€in“chiaro“attraÌÐvšÙ erso“la“rete.“Nel“se˜guito“sar€à“spie˜gó7ata“la“corrispondenza“fra“il“protocolloŽ¡‘0KšÀerberos–€e“il“softwægare“K˜erberos“in“GNU“Linux.ŽŽŸ0‘Hïcolor push Black’ÏÆ3ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'4£‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.4) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:105) cvn H.B /DEST pdfmark endŸ ‘0ÁIl–€KDC“esešÙ gue“i“due“importanti“d€èmoni“KÀerberos“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:106) cvn H.B /DEST pdfmark endkadmind“e“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:107) cvn H.B /DEST pdfmark endkrb5kdc.“Una“con™Ÿv˜enzione“diŽ¤ ‘0denominazione–€in“GNU“Linux“preÀvÙ ede“che“i“processi“il“cui“nome“inizia“per“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:108) cvn H.B /DEST pdfmark endk“siano“attinenti“al“kægernel“oŽ¡‘0esešÙ guiti–€nello“spazio“del“kægernel;“in™Ÿv˜ece“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:109) cvn H.B /DEST pdfmark endkrb5kdc“e“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:110) cvn H.B /DEST pdfmark endkadmind“sono“ese˜guiti“in“spazio“utente.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:111) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:112) cvn H.B /DEST pdfmark endŸ ÕÈ‘0kadmind–€€è“il“demone“amministratišÀvÌÐo“di“K˜erberos;“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:113) cvn H.B /DEST pdfmark endkadmind“si“usa“attraÌÐvÙ erso“il“programma“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:114) cvn H.B /DEST pdfmark endkadmin“per“laŽ¡‘0manutenzione–€del“database“dei“principal“e“la“congurazione“dei“criteri.“Se“si“sceÙ glie“di“non“permettere“ilŽ¡‘0login–€remoto“tramite“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:115) cvn H.B /DEST pdfmark endssh“sulla“macchina“KÀerberos,“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:116) cvn H.B /DEST pdfmark endkadmin“consente“l'amministrazione“remota“deiŽ¡‘0componenti–€KÀerberos“del“servÙ er‘ÿs8.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:117) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:118) cvn H.B /DEST pdfmark endŸ ÕÈ‘0krb5kdc–€€è“la“bestia“da“soma“del“servšÙ er“KÀerberos,“v˜estendo“il“ruolo“di“terza“parte“data“nel“processo“diŽ¡‘0autenticazione.–€Quando“un“utente“vuole“autenticarsi“presso“un“sistema“o“un“servizio,“chiede“un“tickæget“alŽ¡‘0KDC.–ryUn“tickæget“€è“un“datagramma“che“contiene‘rxl'identit€à“del“client,“una“chiaÌÐvÙ e“di“sessione,“una“marcaturaŽ¡‘0oraria–€e“altre“indicazioni;“il“datagramma“€è“cifrato“con“la“chiaÌÐvšÙ e“se˜greta“del“serv˜er‘ÿs8.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:119) cvn H.B /DEST pdfmark endŸ ÕÈ‘0DescriÀvÙ endo–€il“processo“pi€ù“in“dettaglio,“esso“inizia“con“la“richiesta“di“autenticazione“che“€è“trasmessa“alŽ¡‘0demone–€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:120) cvn H.B /DEST pdfmark endkrb5kdc.“Quest'ultimo,“riceÀvuta“la“richiesta,“cerca“il“client,“cio€è“il“principal,“nel“database“deiŽ¡‘0principal–€per“autenticarlo;“lešÙ gge“la“chiaÌÐv˜e“se˜greta“del“client“nel“database“e“cifra“un“tickæget“speciale“dettoŽ¡‘0Tš¦gickæget–€Granting“T˜ickæget“(TGT),“che“in™Ÿvia“al“client.“Il“client“riceÀvšÙ e“il“TGT“cifrato“che“contiene“una“chiaÌÐv˜eŽ¡‘0di–€sessione;“se“il“client“conosce“la“passwægord“(la“chiaÌÐvšÙ e“se˜greta“che“€è“conservÀata“nel“database“deiŽ¡‘0principal)–€pu€ò“decifrare“il“TGT‘ÿB,“quindi“lo“cifra“con“la“chiaÌÐvÙ e“di“sessione,“che“€è“contenuta“nel“TGT“stesso,Ž¡‘0per–€presentarlo“a“un“Tš¦gickæget“Granting“Service“(TGS).“Il“TGS“rilascia“un“ulteriore“T˜ickæget“che“consentir€à“alŽ¡‘0client–€di“ottenere“l'autenticazione“presso“uno“specico“sistema“o“servizio.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:121) cvn H.B /DEST pdfmark endŸ ÕÈ‘0L‘ÿ'autenticazione–€sicura“si“realizza“tramite“l'uso“di“tickæget“cifrati“che“possono“essere“decifrati“soltanto“se“ilŽ¡‘0client–€conosce“la“chiaÌÐvšÙ e“se˜greta.“Il“tickæget“contiene“informazioni“sull'orario“per“preÀv˜enire“attacchi“diŽ¡‘0replica,–€che“consistono“in“rappresentazioni“fraudolente“di“un“tickæget“rilasciato“precedentemente,“perŽ¡‘0ottenere–€un“accesso“illecito.ŽŸY”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïPps:SDict begin [ /View [/XYZ H.V] /Dest (0:compromise) cvn H.B /DEST pdfmark endŸ'k‹‘0Ç2.4.–ÈComprš¶Jomissione“dell'infrastruttura“KȽerber˜osïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.2.8.2) cvn H.B /DEST pdfmark endŽŸûïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:124) cvn H.B /DEST pdfmark endŸ ð‘0ÁIl–|=primo›|>modo“in“cui˜un“aggressore“pu€ò˜tentare“di˜compromettere“un'infrastruttura“KÀerberos˜€è“attaccandoŽ¡‘0il–€servšÙ er“KÀerberos;“se“l'aggressore“riuscisse“a“ottenere“un“accesso“di“root“al“KDC“e˜gli“aÌÐvrebbe“accesso“alŽ¡‘0database–€delle“passwægord“cifrate“dei“principal.“In“questo“modo“l'aggressore“potrebbe“accedere“anche“alŽ¡‘0softwšægare–€KÀerberos“e“ai“le“di“congurazione“e“modicarli“per“f˜are“in“modo“che“il“sistema“consenta“delleŽ¡‘0autenticazioni–€che“non“došÙ vrebbero“aÌÐv˜ere“successo.ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:125) cvn H.B /DEST pdfmark endŸ æl‘0T¦gra–€gli“altri“metodi“per“attaccare“l'infrastruttura“di“KšÀerberos“v˜anno“citati“gli“attacchi“di“replica“(replayŽ¡‘0attack)–€e“i“tentatiÀvi“di“indoÙ vinare“la“passwšægord“(passw˜ord“guessing“attack).“Un“attacco“di“replica“si“esplicaŽ¡‘0intercettando–€o“acquisendo“altrimenti“un“tickæget“KÀerberos“e“utilizzandolo“fraudolentemente“per“tentare“diŽ¡‘0ottenere–€l'autenticazione.“Per“prošÙ vÀare“a“indo˜vinare“la“passwšægord“si“possono“intercettare“dei“tick˜etŽ¡‘0KÀerberos–€sulla“rete“per“decifrarli“mediante“un“attacco“di“forza“bruta.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:126) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Un–€aggressore“pu€ò“sfruttare“le“vulnerabilit€à“del“softwægare“vÙ etusto“ancora“presente“nell'infrastruttura;“perŽŽŸ0‘Hïcolor push Black’ÏÆ4ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'K‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.5) cvn H.B /DEST pdfmark endï color popŸüfdŸ÷™œïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:hardware) cvn H.B /DEST pdfmark endŸfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xÁesempio–€sono“noti“parecchi“problemi“con“la“vÙ ersione“4“di“KÀerberos“il“pi€ù“importante“dei“quali“€è“unaŽ¤ ‘xfondamentale–€debolezza“nel“protocollo“usato“per“la“crittograa.“Il“progetto“di“KÀerberos“vÙ ersione“4Ž¡‘xcontempla–€l'uso“di“DES“in“modalit€à“normale“che“permette“a“un“aggressore“di“intercettare“e“modicare“ilŽ¡‘xtesto–€cifrato“del“tickæget“senza“lasciare“tracce.“Per“prešÀvÙ enire“questi“attacchi“K˜erberos“€è“stato“modicatoŽ¡‘xnella–€vÙ ersione“5“che“usa“triple“DES“in“modalit€à“Cipher“Block“Chaining“(CBC).Ž‘H©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:127) cvn H.B /DEST pdfmark endŸ ÕÈ‘0T¦grattando–€della“robÌÐustezza“della“vÙ ersione“4“di“KÀerberos“€è“importante“notare“anche“che“parecchieŽ¡‘0implementazioni–€sorono“di“vulnerabilit€à“di“superamento“del“bšÌÐuer“(b˜uer“o•Ù v“eroÀw).‘€LeŽ¡‘0implementazioni–€di“riferimento“di“KÀerberos“vÙ ersione“5“hanno“riparato“le“vulnerabilit€à“di“superamento“delŽ¡‘0bšÌÐuer–€presenti“nella“vÙ ersione“4“ma“le“distrib˜uzioni“della“vÙ ersione“5“generalmente“forniscono“programmiŽ¡‘0che–€consentono“la“compatibilit€à“all'indietro“e“supportano“le“applicazioni“preesistenti“progettate“perŽ¡‘0KÀerberos–€4;“si“ritiene“che“il“codice“compatibile“presente“nella“vÙ ersione“5“sia“ancora“vulnerabile“agliŽ¡‘0attacchi–€di“bÌÐuer“o•Ù v“eroÀw‘ÿY .ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:128) cvn H.B /DEST pdfmark endŸ æl‘0Quindi,–€visti“i“problemi“del“protocollo“della“vÙ ersione“4“e“le“potenziali“vulnerabilit€à“di“superamento“delŽ¡‘0bÌÐuer™Ÿ,–€€è“mešÙ glio“non“supportare“n€é“usare“KÀerberos“v˜ersione“4.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:129) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Riassumendo,–€da“questa“descrizione“su“come“sia“possibile“compromettere“un'infrastruttura“KÀerberos,“siŽ¡‘0comprende–€che“la“sicurezza“dello“stesso“servšÙ er“KÀerberos“€è“un'esigenza“prioritaria;“bisogna“poi“ese˜guireŽ¡‘0softwšægare–€KÀerberos“aggiornato“e“restare“vigili“sceÙ gliendo“bÌÐuone“passw˜ord“e“predisponendo“bÌÐuoni“criteriŽ¡‘0per–€le“passwægord.ŽŸ j8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïMps:SDict begin [ /View [/XYZ H.V] /Dest (0:install) cvn H.B /DEST pdfmark endŸ+BTÃ3.–ͽInstallazione“e“congurazioneïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïWps:SDict begin [ /View [/XYZ H.V] /Dest (0:machine-configure) cvn H.B /DEST pdfmark endŸ#¬å‘0Ç3.1.–ÈDescrizione“g$Ûenerale“della“congurazione“dellaŽŸ¸R‘0maccÛ$hinaïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.9.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:134) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁQuesta–€sezione“del“documento“descriÀvÙ e“l'installazione“e“la“congurazione“delle“macchine“e“del“softwægareŽ¡‘0che–€svÌÐolge“il“ruolo“di“KDC.“€È“possibile“intervÙ enire“con“aggiustamenti“sulle“congurazioni“suggerite“maŽ¡‘0saranno–€presentati“alcuni“punti“chiaÌÐvÙ e“che“€è“importante“tenere“a“mente“quando“si“congura“il“KDC“eŽ¡‘0anche–€se“si“scešÙ glie“di“praticare“una“strate˜gia“di“congurazione“alternati•Àv“a–€€è“necessario“aÌÐv˜er“compreso“ilŽ¡‘0materiale–€che“viene“presentato“qu€ì.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:135) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Le–€macchine“eseÙ guono“il“demone“KšÀerberos“e“conserv˜ano“le“passwægord“e“le“informazioni“sui“criteri,“perci€òŽ¡‘0€è–€molto“importante“per“la“salvÀaguardia“della“rete“che“questi“servÙ er“siano“messi“in“sicurezza.“Bisogner€àŽ¡‘0prendere–€ogni“misura“possibile“per“scongiurare“la“compromissione“di“questi“servÙ er;“le“raccomandazioniŽ¡‘0per–€la“sicurezza“contenute“in“questa“sezione“riÀvÙ estono“fondamentale“importanza.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:136) cvn H.B /DEST pdfmark endŸ ÕÈ‘0La–€raccomandazione“principale“€è“di“usare“macchine“dedicate“per“erogó7are“il“servizio“KDC“di“kægerberos;Ž¡‘0l'hardwægare–€doÙ vr€à“essere“inaccessibile“alle“minacce“materiali“e“anche“il“sistema“GNU“Linux“andr€àŽŽŸ0‘Hïcolor push Black’ÏÆ5ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'h8‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.6) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xÁrinforzato–€il“pi€ù“possibile.“Dalla“compromissione“del“KDC“deriÀvÙ erebbe“la“compromissione“dell'interaŽ¤ ‘xinfrastruttura‘€KÀerberos.Ž‘HŸY”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:hardware) cvn H.B /DEST pdfmark endŸ'k‹‘0Ç3.2.‘ÈHar¶JdȽwareïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.10.2) cvn H.B /DEST pdfmark endŽ©.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:139) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁIl–€servizio“KÀerberos“non“ha“grosse“richieste“riguardo“all'hardwægare“e“ha“capacit€à“di“ridondanza,“quindiŽ¡‘0l'hardwægare–€del“servšÙ er“pu€ò“essere“esiguo.“Per“i“serv˜er“KÀerberos“che“ho“distribÌÐuito“ho“usato“macchine“conŽ¡‘0un–€processore“Pentium“III“e“due“dischi“in“RAID“1“hardwægare,“sucienti“per“svÌÐolgere“da“quaranta“aŽ¡‘0centomila–€autenticazioni“al“giorno.“Anche“se“il“servÙ er“pu€ò“essere“dotato“di“schede“di“rete“ridondanti,Ž¡‘0bisogna–€ešÀvitare“di“tenerle“atti˜vÙ e“entrambe“contemporaneamente“perch€é“K˜erberos“scri˜vÙ e“l'indirizzo“IP“delŽ¡‘0KDC–€nei“tickšæget“e“se“durante“il“processo“di“autenticazione“il“client“contatta“il“KDC“attraÌÐvÙ erso“interf˜acceŽ¡‘0multiple–€possono“insorÑðgere“dicolt€à.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:140) cvn H.B /DEST pdfmark endŸ ÕÈ‘0€È–€importante“ešÀvidenziare“che“il“servizio“K˜erberos“andrebbe“eseÙ guito“su“hardwægare“dedicato.“Riserv˜are“unaŽ¡‘0macchina–€a“KšÀerberos“signica“che“soltanto“gli“amministratori“di“K˜erberos“aÌÐvranno“bisogno“di“accedere“aŽ¡‘0quella–€macchina“e“che“sulla“macchina“non“saranno“in“esecuzione“altri“servizi,“salvÌÐo“probabilmente“SSH.Ž¡‘0TŒÏutte–€le“passwægord“dešÙ gli“utenti“saranno“conservÀate“presso“i“serv˜er“KÀerberos,“quindi“sar€à“bene“limitare“ilŽ¡‘0pi€ù–€possibile“l'accesso“sico“alle“macchine“interessate;“usando“hardwægare“riservšÀato“a“K˜erberos“sar€à“pi€ùŽ¡‘0semplice–€adempiere“a“questo“requisito,“magó7ari“chiudendo“il“servÙ er“con“la“sua“console“in“un“proprioŽ¡‘0armadio.ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:141) cvn H.B /DEST pdfmark endŸ æl‘0Per–€approttare“della“capacit€à“nati•Àv“a–€di“KÀerberos“di“fornire“ridondanza“bisogna“aÌÐvÙ ere“almeno“dueŽ¡‘0macchine–€che“funzionano“da“KDC.“KÀerberos“€è“progettato“per“essere“distribÌÐuito“con“un“servÙ er“principaleŽ¡‘0(master)–€e“uno“o“pi€ù“servšÙ er“secondari“(slaÌÐv˜e);“non“c'€è“limite“al“numero“di“secondari.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïVps:SDict begin [ /View [/XYZ H.V] /Dest (0:gnulinux-install) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç3.3.–ÈInstallazione“di“GNU“LinÛ$uxïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.11.2) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:144) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁInstallando–€GNU“Linux“su“servÙ er“dedicati“all'esecuzione“dei“servizi“kægerberos“si“percorreranno“ulterioriŽ¡‘0passi–€per“gó7arantirne“la“sicurezza.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:145) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Per–€prima“cosa“si“installer€à“soltanto“il“softwægare“assolutamente“necessario“per“il“servizio“KÀerberos,Ž¡‘0costituito–€dal“sistema“operatišÀvÌÐo“di“base“e“dai“pacchetti“K˜erberos,“escludendo“X“e“qualunque“applicazioneŽ¡‘0graca.–€SSH“€è“opzionale“e“andr€à“installato“se“si“desidera“poter“amministrare“i“servÙ er“a“distanza;“del“restoŽ¡‘0i–f~servÙ er›f}saranno“parecchio˜pi€ù“sicuri˜se“si˜permetter€à“di˜accedervi“soltanto˜mediante“il˜terminale“colleÙ gó7atoŽ¡‘0direttamente–€ad“essi.ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:146) cvn H.B /DEST pdfmark endŸ æl‘0In–€un“sistema“GNU“Linux“basato“su“Fedora“Core,“il“servizio“kægerberos“€è“fornito“dai“pacchetti:ŽŸ *8ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:147) cvn H.B /DEST pdfmark endŸ ˆû‘0Êkrb5-serverŽŸ ³3‘0krb5-libsŽŸŽŸ0‘Hïcolor push Black’ÎÊ@Æ6ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'}m‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.7) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:148) cvn H.B /DEST pdfmark endŸ ‘0ÁLa–€documentazione“e“le“librerie“di“sviluppo“non“andranno“installate“sul“KDC“perch€é“non“si“intende“usareŽ¤ ‘0questa–€macchina“per“altre“attiÀvit€à“che“non“siano“l'espletamento“del“servizio“KDC.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:149) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Nel–€passo“successiÀvÌÐo“ci“si“accerter€à“che“non“vi“siano“porte“aperte“oltre“a“quelle“necessarie“e“che“tutti“gliŽ¡‘0aggiornamenti–€di“sicurezza“siano“stati“applicati.“Il“procedimento“per“controllare“quali“aggiornamenti“diŽ¡‘0sicurezza–€vÀanno“applicati“dipende“dal“programma“di“gestione“dei“pacchetti“in“uso.“Per“determinare“suŽ¡‘0quali–€porte“la“macchina“€è“in“ascolto“si“pu€ò“usare“il“comando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:150) cvn H.B /DEST pdfmark endnetstat;“per“esempio“su“una“macchina“che“haŽ¡‘0in–€esecuzione“soltanto“ssh,“si“leÙ gger€à:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:151) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:152) cvn H.B /DEST pdfmark endŸ ˆû‘0Êbash$–ffnetstat“-an“|“grep“-i“listen“|“lessŽŸ ³3‘0tcp‘+300‘ fd0‘ff0.0.0.0:22‘K™”0.0.0.0:*‘PÿúLISTENŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:153) cvn H.B /DEST pdfmark end¡‘0ÁInne–€si“došÙ vr€à“congurare“il“serv˜er“in“modo“che“possano“accedervi“soltanto“i“serv˜er“che“deÀvÌÐonoŽ¡‘0comunicare–€con“lui“per“esigenze“di“autenticazione,“editando“i“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:154) cvn H.B /DEST pdfmark endÊ/etc/hosts.allow“ÁandŽ¡‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:155) cvn H.B /DEST pdfmark endÊ/etc/hosts.deny–€Áinsieme“al“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:156) cvn H.B /DEST pdfmark endÊiptablesÁ.ŽŸ¢Ìïps:SDict begin H.S endïps:SDict begin 13 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0:realm) cvn H.B /DEST pdfmark endŸ&"S‘0Ç3.4.–ÈLa“scelta“del“realmïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.12.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:159) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁI–€nomi“dei“realm“[domini“di“protezione]“sono“sensibili“alle“maiuscole“e“deÀvÌÐono“esere“unici“sulla“rete;“€èŽ¡‘0bÌÐuona–€pratica“usare“come“nome“del“realm“il“nome“del“dominio“di“secondo“liÀvÙ ello“scritto“in“lettereŽ¡‘0maiuscole.–€Se“si“sta“congurando“KÀerberos“soltanto“per“una“sottorete“anzich€é“per“la“rete“intera,“siŽ¡‘0potrebbe–€usare“un“nome“di“dominio“glio“da“fægar“corrispondere“alla“sottorete.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:160) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Quando–€si“scešÙ glie“la“topologia“dei“realm“si“deÀv˜e“prendere“in“considerazione“l'assetto“complessiÀvÌÐoŽ¡‘0dell'orÑðgšó7anizzazione;–€se“si“hanno“uci“remoti“o“sottogruppi“indipendenti“€è“bene“che“essi“apparteng˜ano“aŽ¡‘0un–€realm“separato.“La“topologia“dei“realm“di“KšÀerberos“de˜vÙ e“riettere“la“topologia“del“sistema“di“gestioneŽ¡‘0e–€non“la“struttura“sica“della“rete.ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:161) cvn H.B /DEST pdfmark endŸ æl‘0Inne–€si“doÙ vr€à“tener“presente“l'esistenza“di“sistemi“preesistenti,“come“distribÌÐuzioni“precedenti“diŽ¡‘0KšÀerberos–€o“raggruppamenti“di“rete“che“si“intende“mantenere“(per“esempio“domini“di“W™Ÿindo˜ws“NT).Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:162) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Se–€si“installa“KÀerberos“in“una“rete“che“ne“ospita“gi€à“una“distribÌÐuzione,“nella“rete“globale“o“in“unaŽ¡‘0sottorete,–€bisogna“eÀvitare“una“collisione“di“nomi.“Il“caso“pi€ù“comune“in“cui“succede“di“distribÌÐuireŽ¡‘0kægerberos–€in“un“ambiente“in“cui“€è“gi€à“stato“installato“precedentemente“€è“do•Ù v“e–€esiste“un“cluster“IBM“SP;“laŽ¡‘0soluzione–€migliore“€è“creare“appositamente“per“il“cluster“SP“un“realm“con“un“nome“di“dominio“almeno“diŽ¡‘0terzo–€lišÀvÙ ello“e“usare“un“nome“di“dominio“di“secondo“li˜vÙ ello“per“il“realm“K˜erberos“principale.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:163) cvn H.B /DEST pdfmark endŸ ÕÈ‘0In–€questo“documento“si“utilizzer€à“un“esempio“che“aiuter€à“a“illustrare“il“diseÙ gno“e“la“congurazione“diŽ¡‘0un'infrastruttura.–€Soggetto“dell'esempio“sar€à“una“mitica“uniÀvÙ ersit€à“fondata“per“educare“le“persone“aiŽ¡‘0contenuti–€liberi“e“per“compiere“ricerche“sull'arÑðgomento,“l'UniÀvÙ ersit€à“GNU“di“Dublino“in“Irlanda.ŽŽŸ0‘Hïcolor push Black’ΡHÆ7ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'‘l‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.8) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xÁL‘ÿ'esempio–eÔcomprende“due›eÕservÙ er“KÀerberos“usati“per˜autenticare“gli“studenti“e˜il“corpo“docente.“Il˜nome“diŽ¤ ‘xdominio–€dell'unišÀvÙ ersit€à“€è“gnud.ie“quindi“per“il“realm“K˜erberos“si“user€à“GNUD.IE.Ž‘HŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:configure) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç3.5.–ÈCongurazione“del“software“KȽerber¶Josïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.13.2) cvn H.B /DEST pdfmark endŽŸ41ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:166) cvn H.B /DEST pdfmark endŸ ËÏ‘0ÁAdesso–€€è“necessario“congurare“KÀerberos,“creare“un“amministratore,“determinare“un“criterio“di“sicurezzaŽ¡‘0e–€inizializzare“il“database“dei“principal“di“KÀerberos.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:167) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Il–€primo“passaggio“consiste“nell'editare“il“le“di“congurazione“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:168) cvn H.B /DEST pdfmark endÊ/etc/krb5.confÁ.“In“questo“le“siŽ¡‘0imposta–€il“realm,“si“estende“la“denizione“del“realm“specicando“i“servÙ er“kægerberos“e“inne“si“imposta“ilŽ¡‘0dominio–€del“realm.“Nell'esempio“il“contenuto“del“le“€è“il“seÙ guente:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:169) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:170) cvn H.B /DEST pdfmark endŸ ˆû‘0Êdefault_realm–ff=“GNUD.IEŽ¤ ³3¡‘0[realms]Ž¡‘5ffGNUD.IE–ff=“{Ž¡‘:ÌÌkdc–ff=“kerberos1.gnud.ie:88Ž¡‘:ÌÌkdc–ff=“kerberos2.gnud.ie:88Ž¡‘:ÌÌadmin_server–ff=“kerberos1.gnud.ie:749Ž¡‘:ÌÌdefault_domain–ff=“gnud.ieŽ¡‘5ff}Ž¡¡‘0[domain_realm]Ž¡‘5ff.gnud.ie–ff=“GNUD.IEŽ¡‘5ffgnud.ie–ff=“GNUD.IEŽ¤©ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:171) cvn H.B /DEST pdfmark endŸ ‘0ÁIl–€database“di“KÀerberos“si“crea“e“inizializza“con“il“comando:ŽŸ ”ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:172) cvn H.B /DEST pdfmark endŸ ™Ÿ‘0Ê{Kerberos1}bash#–ff/usr/Kerberos/sbin/kdb5_util“create“-sŽ¡¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:173) cvn H.B /DEST pdfmark end¤ ‘0ÁIl–€ag“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:174) cvn H.B /DEST pdfmark endÆ-s“Áfæga“in“modo“che“il“KDC“crei“un“le“riservÀato“per“autenticare“s€é“stesso;“si“usa“il“ag“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:175) cvn H.B /DEST pdfmark endÆ-r‘ºßÁperŽ¡‘0specicare–€un“realm.“Quando“si“crea“un“nuoÙ vÌÐo“database“€è“necessario“specicare“il“realm“soltanto“se“nelŽ¡‘0le–€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:176) cvn H.B /DEST pdfmark endÊkrb5.conf“Ásono“deniti“pi€ù“realm.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:177) cvn H.B /DEST pdfmark endŸ ÕÈ‘0A–€questo“punto“KÀerberos“domander€à“di“predisporre“una“master“passwægord“per“il“database;“€è“moltoŽ¡‘0importante–xknon“dimenticarla.“Non“sar€à“possibile“compiere‘xlalcuna“azione“amministrati•Àv“a–xksul“servÙ er“se“nonŽ¡‘0si–€ricorder€à“la“master“passwægord.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:178) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Ora–€€è“necessario“editare“il“le“delle“acl“[access“control“list]“sul“KDC“per“concedere“l'accesso“comeŽ¡‘0amministratore.–€Normalmente“questo“le“si“troÙ vÀa“in“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:179) cvn H.B /DEST pdfmark endÊ/var/Kerberos/krb5kdc/kadm5.aclÁ.“Pu€òŽŽŸ0‘Hïcolor push Black’ÏÆ8ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹ '¨±‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïJps:SDict begin [ /View [/XYZ H.V] /Dest (page.9) cvn H.B /DEST pdfmark endï color popŸüfdŸ÷™œïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:210) cvn H.B /DEST pdfmark endŸfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xÁessere–€necessario“specicarne“la“posizione“nel“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:180) cvn H.B /DEST pdfmark endÊkdc.confÁ,“il“cui“percorso“€è“precisato“nel“leŽ¤ ‘xïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:181) cvn H.B /DEST pdfmark endÊ/etc/krb5.conf–€Áed“ha“come“vÀalore“predenito“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:182) cvn H.B /DEST pdfmark endÊ/var/Kerberos/krb5kdc/kdc.confÁ.Ž¡‘xConsiderando–€l'esempio“dell'UniÀvšÙ ersit€à“GNU“di“Dublino“si“do˜vr€à“modicare“il“le“delle“acl“perch€éŽ¡‘xcontengšó7a–€la“rig˜a:Ž‘HŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:183) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:184) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê*/admin@GNUD.IE‘ÿþ*ŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:185) cvn H.B /DEST pdfmark end¡‘0ÁQuesta–€impostazione“signica“che“a“ogni“account“che“termina“con“un“/admin“nel“realm“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:186) cvn H.B /DEST pdfmark endÆGNUD.IE‘ºßÁsonoŽ¡‘0concessi–€tutti“i“diritti“d'accesso.Ž©”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:187) cvn H.B /DEST pdfmark endŸ æl‘0Una–€vÌÐolta“impostato“l'accesso“per“gli“utenti“amministratori“bisogna“creare“tali“utenti;“questo“si“fægaŽ¡‘0utilizzando–€il“comando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:188) cvn H.B /DEST pdfmark endkadmin.local,“impartito“da“una“shell“di“root“sul“KDC“e“usando“il“suoŽ¡‘0sottocomando–€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:189) cvn H.B /DEST pdfmark endaddprinc.“Di“solito“il“nome“dell'account“amministratiÀvÌÐo“€è“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:190) cvn H.B /DEST pdfmark endÆadminÁ;“nell'esempio“dellaŽ¡‘0UniÀvÙ ersit€à–€GNU“di“Dublino“€è“scritto“come:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:191) cvn H.B /DEST pdfmark end© ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:192) cvn H.B /DEST pdfmark endŸ ™Ÿ‘0Ê{Kerberos1}bash#–ff/usr/Kerberos/sbin/kadmin.local“-q“"addprinc“admin/admin"ŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:193) cvn H.B /DEST pdfmark end¡‘0ÁSul–€servšÙ er“andranno“ese˜guiti“i“d€èmoni“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:194) cvn H.B /DEST pdfmark endkrb5kdc“e“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:195) cvn H.B /DEST pdfmark endkadmin.“Se“€è“necessario“potr€à“essere“ese˜guito“ancheŽ¡‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:196) cvn H.B /DEST pdfmark endkrb524–€per“fornire“la“compatibilit€à“con“i“client“KÀerberos“4.“TŒÏuttaÌÐvia“prima“di“fægar“partire“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:197) cvn H.B /DEST pdfmark endkrb524“siŽ¡‘0rammenti–€l'ašÌÐvvÙ ertimento“riguardante“le“debolezze“nella“sicurezza“di“KÀerberos“4“e“ci“si“accerti“di“a˜vÙ ereŽ¡‘0daÌÐvvÙ ero–€bisogno“di“questa“funzionalit€à.“Sui“KDC“si“possono“congurare“i“d€èmoni“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:198) cvn H.B /DEST pdfmark endkrb5kdc“e“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:199) cvn H.B /DEST pdfmark endkadmin“perŽ¡‘0aÌÐvviarsi–€automaticamente,“tramite“il“comando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:200) cvn H.B /DEST pdfmark endchkcong.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:201) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:202) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê{Kerberos1}bash#–ff/sbin/chkconfig“krb5kdc“onŽŸ ³3‘0{Kerberos1}bash#–ff/sbin/chkconfig“kadmin“onŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:203) cvn H.B /DEST pdfmark end¡‘0ÁAlternati•Àv“amente–€si“possono“aÌÐvviare“manualmente,“impartendo“i“comandi:ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:204) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:205) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê{Kerberos1}bash#–ff/etc/rc.d/init.d/krb5kdc“startŽŸ ³3‘0{Kerberos1}bash#–ff/etc/rc.d/init.d/kadmin“startŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:206) cvn H.B /DEST pdfmark end¡‘0ÁQuesto–€€è“suciente“per“ottenere“un“KDC“funzionante.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïXps:SDict begin [ /View [/XYZ H.V] /Dest (0:principal-creation) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÏÆ9ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹ '»“‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.10) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš9‘xÇ3.6.–ÈCreazione“dei“principalïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.3.14.2) cvn H.B /DEST pdfmark endŽ‘H©ûïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:209) cvn H.B /DEST pdfmark endŸ ð‘0ÁSi–€crea“un“principal“di“KÀerberos“per“un“utente“con“il“comando:ŽŸ)³3‘0Ê{Kerberos1}bash#‘ffkadmin.localŽŸ ³3‘0{Kerberos1}kadmin.local:–ffaddprinc“ŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:212) cvn H.B /DEST pdfmark end¤ ‘0ÁSe–€KšÀerberos“de˜vÙ e“supportare“un“v˜asto“numero“di“account,“si“pu€ò“scri˜vÙ ere“uno“script“per“creare“i“principalŽ¡‘0in‘€massa.ŽŸ Y”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:time-sync) cvn H.B /DEST pdfmark endŸ-RøÃ4.–ͽSincr§Œonizzazione“del“tempoïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.4.1) cvn H.B /DEST pdfmark endŽŸ“­ïps:SDict begin H.S endïps:SDict begin 13 H.A endïZps:SDict begin [ /View [/XYZ H.V] /Dest (0:time-sync-importance) cvn H.B /DEST pdfmark endŸ#ñr‘0Ç4.1.–ÈL‘ýûñ'imporIµtanza“della“sincr¶Jonia“temporaleïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.4.15.2) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:217) cvn H.B /DEST pdfmark endŸ ð‘0ÁLa–€sicurezza“di“KÀerberos“€è“basata“anche“sui“time“stamp“dei“tickæget“perci€ò“€è“d'importanza“critica“che“gliŽ¡‘0orologi–€dei“seÀvšÙ er“kægerberos“siano“re˜golati“con“accuratezza.“Come“€è“stato“discusso“nell'introduzione“aŽ¡‘0kšægerberos,–€i“tick˜et“hanno“una“scadenza“brešÀvÙ e“per“pre˜vÙ enire“attacchi“di“forza“bruta“e“attacchi“di“replica.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:218) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Permettendo–€agli“orologi“di“subire“scostamenti“si“rende“la“rete“vulnerabile“a“questi“attacchi.“A“causaŽ¡‘0dell'importanza–€della“sincronia“deÙ gli“orologi“nella“sicurezza“del“protocollo“KÀerberos,“se“gli“orologi“nonŽ¡‘0sono–€sincronizzati“entro“un“ragionešÀvÌÐole“interv˜allo“K˜erberos“presenta“errori“fægatali“e“smette“di“funzionare.“IŽ¡‘0client–€che“tentino“di“autenticarsi“da“una“macchina“con“un“orologio“non“accurato“fægalliranno“il“tentatiÀvÌÐo“diŽ¡‘0autenticazione–€presso“il“KDC“a“causa“della“dierenza“di“ora“con“il“suo“orologio.Ž©j8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:intro-ntp) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç4.2.–ÈIntr¶Joduzione“a“NTPïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.4.16.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:221) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁPer–€sincronizzare“l'orario“fra“i“servÙ er“€è“disponibile“il“protocollo“NTP“(Netwægork“T¦gime“Protocol);“esistonoŽ¡‘0molti–€servÙ er“NTP“pubblici“utilizzabili“per“la“sincronizzazione.“NTP“pu€ò“sincronizzare“gli“orologi“deiŽ¡‘0client–€al“millisecondo“sulla“LAN“ed“entro“decine“di“millisecondi“attraÌÐvšÙ erso“una“W‘þÌÐAN.“I“serv˜er“NTP“sonoŽ¡‘0dišÀvisi–€in“strati“(stratum).“I“servÙ er“NTP“primari“sono“classicati“come“stratum“1;“essi“non“de˜vÌÐono“essereŽ¡‘0usati–€per“sincronizzare“le“macchine“perch€é“sono“in“numero“esiguo.“I“servÙ er“pubblici“dello“stratum“2“sonoŽ¡‘0disponibili–€per“la“sinconizzazione“dei“client“e“a“loro“vÌÐolta“si“sincronizzano“con“i“servÙ er“pubblici“stratumŽ¡‘01.–€Si“imposteranno“i“servšÙ er“KÀerberos“per“interrogó7are“tre“serv˜er“stratum“2“usando“NTP‘þã×.“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:222) cvn H.B /DEST pdfmark endQuestaŽ¡‘0(http://support.ntp.orÑðg/bin/vieÀw/Serv•Ù ers/StratumT‘ÿ37wægoT¦gimeServ“ers)–€€è“una“lista“di“servÙ er“pubblici“delloŽ¡‘0stratum–€2“[aggiornato“dal“traduttore].Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïQps:SDict begin [ /View [/XYZ H.V] /Dest (0:ntp-install) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÊÆ10ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹ 'Ôž‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.11) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš9‘xÇ4.3.–ÈInstallazione“e“congurazione“di“NTPïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.4.17.2) cvn H.B /DEST pdfmark endŽ‘HŸ41ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:225) cvn H.B /DEST pdfmark endŸ ËÏ‘0ÁPer–€abilitare“NTP“in“GNU“Linux“€è“necessario“installare“il“pacchetto“NTP“ed“editare“il“le“diŽ¤ ‘0congurazione,–€che“per“impostazione“predenita“€è“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:226) cvn H.B /DEST pdfmark endÊ/etc/ntp.confÁ.“I“vÀalori“della“congurazione“diŽ¡‘0defægault–€sono“accettabili;“bisogna“soltanto“aggiungere“i“servÙ er“che“si“intende“usare“per“sincronizzareŽ¡‘0l'orario.–€Non“€è“necessario“usare“l'autenticazione“ma“si“pu€ò“fægarlo“per“aumentare“la“sicurezza;“andr€à“usataŽ¡‘0se–€si“utilizzano“i“servšÙ er“NTP“della“LAN.“Qu€ì“c'€è“un“esempio“di“le“di“congurazione“per“l'UniÀv˜ersit€àŽ¡‘0GNU‘LÙdi‘LåDublino:‘Læïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:227) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:228) cvn H.B /DEST pdfmark endÊntp.conf‘ff(http://cryptnet.net/fdp/admin/kerby-infra/en/ntp.conf)Á.ŽŸbÌïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:229) cvn H.B /DEST pdfmark endŸ 4‘0Per–€ottenere“l'eetti•Àv“a–€sincronizzazione“si“imposta“un“job“di“cron:ŽŸ *8ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:230) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê30–ff*“*“*“*“/usr/sbin/ntpdate“-sŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:231) cvn H.B /DEST pdfmark end¡‘0ÁSe–€i“sistemi“si“troÙ všÀano“dietro“un“re˜wægall“si“user€à“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:232) cvn H.B /DEST pdfmark endÆ-su“Áin™ŸvÙ ece“che“soltanto“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:233) cvn H.B /DEST pdfmark endÆ-sÁ.“L‘ÿ'arÑðgomento“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:234) cvn H.B /DEST pdfmark endÆ-u“Áindica“aŽ¡‘0ntpdate–€di“usare“porte“non“priÀvilešÙ giate“per“la“connessione“in“uscita“ai“serv˜er“stratum“2.ŽŸ j8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïXps:SDict begin [ /View [/XYZ H.V] /Dest (0:server-replication) cvn H.B /DEST pdfmark endŸ+BTÃ5.–ͽReplica“del“ser,:ver“K½°erber§Œosïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.5.1) cvn H.B /DEST pdfmark endŽŸ“­ïps:SDict begin H.S endïps:SDict begin 13 H.A endïQps:SDict begin [ /View [/XYZ H.V] /Dest (0:replication) cvn H.B /DEST pdfmark endŸ#ñr‘0Ç5.1.–ÈDescrizione“della“replicaïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.5.18.2) cvn H.B /DEST pdfmark endŽŸûïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:239) cvn H.B /DEST pdfmark endŸ ð‘0ÁKÀerberos–€€è“stato“progettato“per“permettere“l'implementazione“di“un“cluster“di“replica“in“congurazioneŽ¡‘0master–€e“slaÌÐvÙ e.“Un“cluster“KÀerberos“pu€ò“consistere“in“qualunque“numero“di“host;“si“raccomanda“diŽ¡‘0schierarne–€almeno“due:“un“master“che“funziona“come“servšÙ er“principale“e“almeno“uno“slaÌÐv˜e“che“restaŽ¡‘0disponibile–€come“backup“del“master‘ÿs8.“I“servšÙ er“master“e“slaÌÐv˜e“sono“anche“detti“rispetti•Àv“amente‘€serv˜erŽ¡‘0primario–€e“servÙ er“secondario.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:240) cvn H.B /DEST pdfmark endŸ ÕÈ‘0K•Àerberos›€conserv“a˜tutte˜le˜sue˜informazioni,˜relati“vÙ e˜agli˜account˜e˜ai˜criteri,˜in˜database˜applicati“vi;˜laŽ¡‘0distribÌÐuzione–€del“softwægare“KÀerberos“comprende“programmi“per“replicare,“o“copiare,“questi“dati“sugli“altriŽ¡‘0servÙ er‘ÿs8.Ž©”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:241) cvn H.B /DEST pdfmark endŸ æl‘0Le–€applicazioni“client“KÀerberos“sono“progettate“per“tentare“l'autenticazione“sui“servÙ er“secondari“se“ilŽ¡‘0servšÙ er–€primario“€è“indisponibile,“quindi“in“caso“di“guasto“non“€è“necessario“alcun“pro˜vv˜edimentoŽ¡‘0aggiuntišÀvÌÐo–€per“spostare“il“servizio“di“autenticazione“di“K˜erberos“sul“servšÙ er“di“backup.“In™Ÿv˜ece“le“funzioniŽ¡‘0di–€amministrazione“di“KÀerberos“non“sono“interessate“dal“fægailo•Ù v“er‘€automatico.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:242) cvn H.B /DEST pdfmark endŸ æl‘0In–€caso“di“guasto“del“servšÙ er“primario,“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:243) cvn H.B /DEST pdfmark endkadmind“diÀv˜enta“indisponibile,“quindi“le“funzioni“diŽ¡‘0amministrazione–€non“saranno“utilizzabili“nch€é“il“servÙ er“primario“non“sar€à“riparato“o“sostituito.“InŽ¡‘0particolare–€durante“un“guasto“al“servÙ er“primario“non“si“potranno“eettuare“la“gestione“dei“principal,“laŽ¡‘0creazione–€e“la“sostituzione“delle“chiaÌÐvi.ŽŸY”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïTps:SDict begin [ /View [/XYZ H.V] /Dest (0:implementation) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÊÆ11ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹ 'èk‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.12) cvn H.B /DEST pdfmark endï color popŸüfdŸ÷™œïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:269) cvn H.B /DEST pdfmark endŸfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš9‘xÇ5.2.‘ÈImplementazioneïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.5.19.2) cvn H.B /DEST pdfmark endŽ‘HŸûïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:246) cvn H.B /DEST pdfmark endŸ ð‘0ÁPer–€aÌÐvviare“la“replica“si“impartisce“il“comando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:247) cvn H.B /DEST pdfmark endkprop“sul“master“KDC;“si“pu€ò“anche“pianicarneŽ¤ ‘0l'esecuzione–€come“job“di“cron“per“mantenere“il“database“dei“principal“sincronizzato“fra“i“servÙ er‘ÿs8.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:248) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Nell'impostazione–€della“replica“innanzitutto“si“congurano“le“Aš™ŸCL“per“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:249) cvn H.B /DEST pdfmark endkpropd;“il“le“delle“A˜CL“diŽ¡‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:250) cvn H.B /DEST pdfmark endkpropd–€per“impostazione“predenita“si“troÙ vÀa“nel“percorso:“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:251) cvn H.B /DEST pdfmark endÊ/var/Kerberos/krb5kdc/kpropd.aclÁ.Ž¡‘0Nell'esempio–€esso“conterr€à“le“righe:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:252) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:253) cvn H.B /DEST pdfmark endŸ ˆû‘0Êhost/kerberos1.gnud.ie@GNUD.IEŽŸ ³3‘0host/kerberos2.gnud.ie@GNUD.IEŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:254) cvn H.B /DEST pdfmark end¡‘0ÁIl–€le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:255) cvn H.B /DEST pdfmark endÊkpropd.acl“Ápu€ò“esistere“soltanto“sui“servÙ er“KšÀerberos“secondari;“nei“sistemi“GNU“Linux“deri˜v˜atiŽ¡‘0da–€Fedora,“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:256) cvn H.B /DEST pdfmark endkadmin“non“viene“esešÙ guito“su“un“serv˜er“KÀerberos“su“cui“sia“presente“il“leŽ¡‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:257) cvn H.B /DEST pdfmark endÊ/var/Kerberos/krb5kdc/kpropd.aclÁ.ŽŸbÌïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:258) cvn H.B /DEST pdfmark endŸ 4‘0Dopo–€di“questo“si“deÀvšÌÐono“creare“le“chia˜vi“di“host“per“i“servÙ er“KÀerberos“master“e“sla˜vÙ e:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:259) cvn H.B /DEST pdfmark end© ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:260) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê{Kerberos1}bash#‘ffkadmin.localŽ¤ ³3‘0{Kerberos1}kadmin.local:‘ ÌÌaddprinc–ff-randkey“host/kerberos1.gnud.ieŽ¡‘0{Kerberos1}kadmin.local:‘ ÌÌaddprinc–ff-randkey“host/kerberos2.gnud.ieŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:261) cvn H.B /DEST pdfmark end¤ ‘0ÁLe–€chiašÌÐvi“deÀv˜ono“essere“estratte“nel“le“kægeÙ ytab:“si“tratta“di“un“portachia˜vi“che“contiene“le“chia˜viŽ¡‘0crittograche–€che“servšÌÐono“per“autenticarsi“presso“il“KDC.“L‘ÿ'estrazione“delle“chia˜vi“nel“kægeÙ ytab“si“ottieneŽ¡‘0con–€il“sottocomando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:262) cvn H.B /DEST pdfmark endktadd:ŽŸ”ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:263) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:264) cvn H.B /DEST pdfmark endŸ ™Ÿ‘0Ê{Kerberos1}kadmin.local:‘ ÌÌktadd‘ffhost/kerberos1.gnud.ieŽŸ ³3‘0{Kerberos1}kadmin.local:‘ ÌÌktadd‘ffhost/kerberos2.gnud.ieŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:265) cvn H.B /DEST pdfmark end¡‘0ÁInne–€sar€à“necessario“copiare“il“kægešÙ ytab“sul“serv˜er“slaÌÐv˜e“in“modo“che“questo“abbia“le“chiaÌÐvi“necessarie“perŽ¡‘0procedere‘€all'autenticazione.ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:266) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:267) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê{Kerberos2}bash#–ffscp“root@kerberos1.gnud.ie:/etc/krb5.keytab“/etcŽŸŽŸ0‘Hïcolor push Black’ÊÆ12ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹ '‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.13) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:268) cvn H.B /DEST pdfmark endŸ ‘0ÁQuesta–€linea“inserita“nel“crontab“del“master“servÙ er“KÀerberos“sincronizza“i“database“dei“principal“ogniŽ¤ ‘0quindici‘€minuti:ŽŸ³3‘0Ê15–ff*“*“*“*“/usr/local/bin/krb5prop.shŽ©Ÿïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:270) cvn H.B /DEST pdfmark end¡‘0ÁQuesto–€€è“il“contenuto“dello“script“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:271) cvn H.B /DEST pdfmark endÊkrb5prop.shÁ:ŽŸ *8ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:272) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê#!/bin/shŽ¤ ³3¡‘0/usr/Kerberos/sbin/kdb5_util–ffdump“/var/Kerberos/krb5kdc/slave_datatransŽ¡¡‘0/usr/Kerberos/sbin/kprop–ff-f“/var/Kerberos/krb5kdc/slave_datatrans“kerberos2.gnud.ie“>“/dev/nullŽ¦Ÿïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:273) cvn H.B /DEST pdfmark endŸ ‘0ÁQuesto–€comando,“impartito“manualmente,“restituisce“qualcosa“di“simile“a“quel“che“seÙ gue:ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:274) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:275) cvn H.B /DEST pdfmark endŸ ˆû‘0Ê{Kerberos1}bash#–ff/usr/Kerberos/sbin/kdb5_util“dump“/var/Kerberos/krb5kdc/slave_datatransŽ¡‘0{Kerberos1}bash#–ff/usr/Kerberos/sbin/kprop“-d“-f“/var/Kerberos/krb5kdc/slave_datatrans“kerberos2.gnud.ieŽ¡‘03234–ffbytes“sent.Ž¡‘0Database–ffpropagation“to“kerberos2.gnud.ie:“SUCCEEDEDŽ¡‘0{Kerberos1}bash#Ž¦Ÿïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:276) cvn H.B /DEST pdfmark end¤ ‘0ÁIl–€servšÙ er“slaÌÐv˜e“sincronizzer€à“il“database“dei“principal“con“il“serv˜er“master‘ÿs8.ŽŸj8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:maintain) cvn H.B /DEST pdfmark endŸ%Zç‘0Ç5.3.‘ÈManÛ$utenzioneïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.5.20.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:279) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁUna–€vÌÐolta“che“siano“stati“impostati“i“job“di“cron,“la“propagó7azione“dei“principal“sar€à“automatica“e“nonŽ¡‘0richieder€à–€alcuna“manutenzione;“al“momento“di“un“guasto“del“KDC“primario“non“sar€à“necessario“unŽ¡‘0intervÙ ento–€umano,“a“meno“che“il“guasto“non“duri“molto“tempo.ŽŸ j8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïVps:SDict begin [ /View [/XYZ H.V] /Dest (0:client-configure) cvn H.B /DEST pdfmark endŸ+BTÃ6.–ͽCongurazione“dei“c§Œlientïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.6.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0:client) cvn H.B /DEST pdfmark endŸ#¬å‘0Ç6.1.–ÈCongurazione“g$Ûenerale“dei“c¶Jlient“GNU“LinÛ$uxïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.6.21.2) cvn H.B /DEST pdfmark endŽŸ41ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:284) cvn H.B /DEST pdfmark endŸ ËÏ‘0ÁLe–€distribÌÐuzioni“di“KÀerberos“per“GNU“Linux“comprendono“un“pacchetto“client“che“contiene“tutto“ilŽ¡‘0softwægare–€e“i“le“di“congurazione“necessari“per“congurare“una“macchina“GNU“Linux“capace“diŽŽŸ0‘Hïcolor push Black’ÊÆ13ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'R‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.14) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xÁeettuare–€l'autenticazione“KšÀerberos“su“un“KDC.“Nei“sistemi“basati“su“Fedora“e“suoi“deri˜v˜ati“si“tratta“delŽ¤ ‘xpacchetto–€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:285) cvn H.B /DEST pdfmark endÆkrb5-workstationÁ.“Perch€é“il“sistema“possa“usare“KÀerberos“per“l'autenticazione,“anche“conŽ¡‘xl'utilizzo–€delle“applicazioni“compatibili,“KšÀerberos“de˜vÙ e“essere“congurato“su“di“esso.Ž‘H©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:286) cvn H.B /DEST pdfmark endŸ ÕÈ‘0La–€congurazione“consiste“nell'editare“il“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:287) cvn H.B /DEST pdfmark endÊ/etc/krb5.confÁ,“do•Ù v“e–€si“specica“il“realm,“i“KDC,“ilŽ¡‘0servÙ er–€amministratiÀvÌÐo,“il“logging,“il“dominio“predenito,“e“le“informazioni“sul“KDC;“andr€à“modicatoŽ¡‘0anche–€il“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:288) cvn H.B /DEST pdfmark endÊkdc.confÁ,“la“posizione“del“quale“pu€ò“essere“specicata“nel“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:289) cvn H.B /DEST pdfmark endÊkrb5.confÁ;“il“percorsoŽ¡‘0predenito–€€è“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:290) cvn H.B /DEST pdfmark endÊ/var/Kerberos/krb5kdc/kdc.confÁ.“Il“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:291) cvn H.B /DEST pdfmark endÊkdc.conf“Ácontiene“informazioni“sulŽ¡‘0criterio–€dell'algoritmo“di“crittograa“applicato“nel“realm.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:292) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Sul–€sistema“che“si“vuole“abilitare“a“eettuare“l'autenticazione“con“KšÀerberos“si“de˜vÌÐono“immettere“leŽ¡‘0medesime–€informazioni“di“congurazione“che“sono“state“scritte“nel“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:293) cvn H.B /DEST pdfmark endÊ/etc/krb5.conf“Ádel“KDC.“SiŽ¡‘0consultino–€anche“i“le“di“congurazione“di“esempio“per“l'uniÀvÙ ersit€à“GNU“di“Dublino:“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:294) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:295) cvn H.B /DEST pdfmark endÊkrb5.confŽ¡‘0(http://cryptnet.net/fdp/admin/kerby-infra/en/krb5.conf)–€Áe“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:296) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:297) cvn H.B /DEST pdfmark endÊkdc.confŽ¡‘0(http://cryptnet.net/fdp/admin/kerby-infra/en/kdc.conf)Á.ŽŸbÌïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:298) cvn H.B /DEST pdfmark endŸ 4‘0A–€questo“punto“€è“possibile“proÙ všÀare“l'autenticazione“di“K˜erberos,“usando“il“comando“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:299) cvn H.B /DEST pdfmark endkinit:ŽŸ *8ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:300) cvn H.B /DEST pdfmark endŸ ˆû‘0Êbash$–ffkinit“ŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:301) cvn H.B /DEST pdfmark end¡‘0ÁSe–€l'autenticazione“non“riesce“si“pu€ò“cercare“una“descrizione“della“causa“del“fægallimento“nei“le“delŽ¡‘0reÙ gistro–€di“sistema“del“client“e“nel“le“log“di“KDC“nel“KDC“su“cui“si“tenta“di“autenticarsi.“DuranteŽ¡‘0l'indagine–€sui“problemi“di“autenticazione“pu€ò“essere“d'aiuto“aÌÐvšÙ ere“un“terminale“aperto“che“ese˜gue“ilŽ¡‘0comando–€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:302) cvn H.B /DEST pdfmark endÆtail“-f‘õÀÁsul“le“log“di“KDC.“Nell'esempio“di“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:303) cvn H.B /DEST pdfmark endÊkrb5.conf“Ála“posizione“del“le“di“reÙ gistro“delŽ¡‘0KDC–€€è“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:304) cvn H.B /DEST pdfmark endÊ/var/log/Kerberos/krb5kdc.logÁ.ŽŸ¢Ìïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:pam) cvn H.B /DEST pdfmark endŸ&"S‘0Ç6.2.‘ÈP‘þ[AMïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.6.22.2) cvn H.B /DEST pdfmark endŽŸ.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:307) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁLa–€tecnologia“P‘ÿAM,“o“moduli“di“autenticazione“inseribili“(Pluggó7able“Authentication“Modules),“che“€èŽ¡‘0inclusa–€in“molte“distribÌÐuzioni“di“GNU“Linux,“si“inteÙ gra“con“KÀerberos“tramite“il“modulo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:308) cvn H.B /DEST pdfmark endpam_krb5.“PerŽ¡‘0utilizzare–€l'autenticazione“KšÀerberos“con“P‘ÿAM“si“de˜vÙ e“installare“il“modulo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:309) cvn H.B /DEST pdfmark endpam_krb5“e“modicare“i“le“diŽ¡‘0congurazione–€di“P‘ÿAM.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:310) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Con–€il“modulo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:311) cvn H.B /DEST pdfmark endpam_krb5“všÙ engono“installati“dei“le“di“congurazione“esemplicatiÀvi,“che“si“tro˜vÀano“inŽ¡‘0ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:312) cvn H.B /DEST pdfmark endÊ/usr/share/doc/pam_krb5-1.55/pam.dÁ.–€La“modica“fondamentale“che“€è“necessario“inserire“perŽ¡‘0permettere–€ai“servizi“controllati“da“P‘ÿAM“di“autenticarsi“con“KÀerberos“€è“di“questo“tipo:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:313) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:314) cvn H.B /DEST pdfmark endŸ ˆû‘0Êauth‘%ÌÊrequired‘ÿþ/lib/security/pam_krb5.so‘ffuse_first_passŽŸŸ@ïps:SDict begin H.S endïps:SDict begin 13 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0:apache) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÊÆ14ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'(ß‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.15) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš1ô‘xÇ6.3.–ÈIl“ser$Ûver“web“ApacÛ$heïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.6.23.2) cvn H.B /DEST pdfmark endŽ‘HŸûïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:317) cvn H.B /DEST pdfmark endŸ ð‘0ÁSi–€pu€ò“utilizzare“KÀerberos“come“meccanismo“di“autenticazione“per“il“servÙ er“web“Apache;“taleŽ¤ ‘0funzionalit€à–rN€è“fornita›rOdal“modulo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:318) cvn H.B /DEST pdfmark endmod_auth_kægerb,“mediante˜il“quale“€è“possibile˜impostare“KÀerberos“comeŽ¡‘0tipo–€di“autenticazione“per“le“occorrenze“del“controllo“di“accesso“nel“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:319) cvn H.B /DEST pdfmark endÊhttpd.confÁ.“Si“noti“che“questoŽ¡‘0non–€€è“il“meccanismo“di“autenticazione“ideale“quando“si“usa“kšægerberos,“perch€é“i“tick˜et“sono“conservÀati“nelŽ¡‘0servÙ er–€web“anzich€é“nella“macchina“client;“peraltro“se“la“nalit€à“€è“di“implementare“una“soluzione“diŽ¡‘0accesso–€a“un“solo“stadio“o“di“consolidare“gli“account“questa“soluzione“€è“praticabile.“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:320) cvn H.B /DEST pdfmark endmod_auth_kægerb“pu€òŽ¡‘0supportare–€KÀerberos“4“ma“questo“documento“non“ne“tratta,“in“considerazione“delle“debolezze“nellaŽ¡‘0sicurezza–€della“vÙ ersione“4“del“protocollo.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:321) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Il–€sito“di“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:322) cvn H.B /DEST pdfmark endmod_auth_kšægerb“si“troÙ vÀa“all'indirizzo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:323) cvn H.B /DEST pdfmark endhttp://modauthk˜erb™Ÿ.sourceforÑðge.net/.“Si“raccomanda“diŽ¡‘0usare–€il“protocollo“HTTPS“per“l'accesso“ai“siti“che“usano“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:324) cvn H.B /DEST pdfmark endmod_auth_kægerb,“perch€é“esso“usaŽ¡‘0l'autenticazione–€di“base“che“trasmette“i“dati“in“codica“base64“ed“€è“semplice“tradurli“in“testo“in“chiaro.“€ÈŽ¡‘0importante–uÖche“le“credenziali›uÕdi“autenticazione“siano“cifrate“con“SSL‘uÓper“gó7arantire“che“il˜nome“utente“e“laŽ¡‘0passwægord–€siano“protette“mentre“sono“trasmesse“al“servÙ er“web™Ÿ.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:325) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Si–€riportano“i“passaggi“necessari“per“compilare“Apache“con“il“modulo“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:326) cvn H.B /DEST pdfmark endmod_auth_krb.Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:327) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:328) cvn H.B /DEST pdfmark endŸ ˆû‘0Êbash$–ffexport“'LIBS=-L/usr/Kerberos/lib“-lkrb5“-lcrypto“-lcom_err'Ž¤ ³3‘0bash$–ffexport“'CFLAGS=-DKRB5“-DKRB_DEF_REALM=\\\"GNUD.IE\\\"'Ž¡‘0bash$–ffexport“'INCLUDES=-I/usr/Kerberos/include'Ž¡‘0bash$–ffmkdir“apache_x.x.x/src/modules/kerberosŽ¡‘0bash$–ffcp“mod_auth_kerb-x.x.x.c“apache_x.x.x/src/modules/kerberosŽ¡‘0bash$–ff./configure“--prefix=/home/httpd“--add-module=src/modules/Kerberos/mod_auth_kerb.cŽ¡‘0bash$‘ffmakeŽ¡‘0bash$–ffmake“installŽŸŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:329) cvn H.B /DEST pdfmark end¤ ‘0Á€È–€consigliabile“collaudare“Apache“per“vÙ ericarne“il“bÌÐuon“funzionamento;“quando“si“dispone“di“una“copiaŽ¡‘0sicuramente–€funzionante“di“Apache“con“SSL“abilitato,“si“pu€ò“modicare“il“le“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:330) cvn H.B /DEST pdfmark endÊhttpd.conf“Áper“fornireŽ¡‘0l'autenticazione–€kægerberos“per“una“directory‘ÿY .Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:331) cvn H.B /DEST pdfmark endŸ ÕÈ‘0Il–€frammento“che“sešÙ gue“€è“un“esempio“che“abilita“l'autenticazione“KÀerberos“5“per“una“directory“attraÌÐv˜ersoŽ¡‘0il–€modulo“mod_auth_kægerb:ŽŸ /\ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:332) cvn H.B /DEST pdfmark endŸ ƒ×‘0ÊŽ¤ ³3‘@32AllowOverride‘ffNoneŽ¡‘@32AuthType‘ffKerberosV5Ž¡‘@32AuthName–ff"Kerberos“Login"Ž¡‘@32KrbAuthRealm‘ffGNUD.IEŽ¡‘@32require‘ffvalid-userŽ¡‘0ŽŸŸ@ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:microsoft) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÊÆ15ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'F.‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.16) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš9‘xÇ6.4.–ÈMicr¶Josoft“WindoȽwsïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.6.24.2) cvn H.B /DEST pdfmark endŽ‘H©.ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:335) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁLa–€compatibilit€à“fra“lo“standard“KÀerberos“del“MIT“e“la“vÙ ersione“Microsoft“€è“limitata,“a“causa“dellaŽ¤ ‘0imperfetta–€implementazione“dello“standard“KÀerberos“da“parte“di“Microsoft.“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:336) cvn H.B /DEST pdfmark endQu€ìŽ¡‘0(http://www‘ÿY .microsoft.com/windoÀws2000/techinfo/planning/security/kægerbsteps.asp)–€€è“disponibile“unŽ¡‘0documento–€pubblicato“da“Microsoft“che“descriÀvšÙ e“in“che“modo“e“con“che“limiti“la“v˜ersione“viziata“diŽ¡‘0KÀerberos–€prodotta“da“Microsoft“pu€ò“operare“insieme“con“quella“standard.ŽŸ j8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïQps:SDict begin [ /View [/XYZ H.V] /Dest (0:programming) cvn H.B /DEST pdfmark endŸ+BTÃ7.–ͽLa“prš§Œogrammazione“con“K½°erber˜osïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0.7.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:api) cvn H.B /DEST pdfmark endŸ#¬å‘0Ç7.1.–ÈL‘ýûñ'API“di“KȽerber¶Josïps:SDict begin H.S endïps:SDict begin 18.72 H.A endïLps:SDict begin [ /View [/XYZ H.V] /Dest (0.7.25.2) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:341) cvn H.B /DEST pdfmark endŸ Ñò‘0ÁLe–€librerie“di“sviluppo“di“KÀerberos“permettono“di“abilitare“qualsiasi“applicazione“all'autenticazione“conŽ¡‘0KÀerberos.–€Sono“due“le“librerie“principali,“una“di“uso“generale“usata“per“la“semplice“autenticazione“e“unaŽ¡‘0libreria–€di“amministrazione“utile“per“svÌÐolgere“funzioni“amministratiÀvÙ e“quali“le“operazioni“sui“principal.Ž¡‘0Nei–€sistemi“GNU“Linux“deri•Àv“ati–€da“Fedora,“il“pacchetto“rpm“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:342) cvn H.B /DEST pdfmark endÊkrb5-devel“Ácontiene“le“librerie“diŽ¡‘0sviluppo–€e“la“documentazione.“Una“descrizione“dell'API“per“queste“librerie“si“troÙ vÀa“nellaŽ¡‘0documentazione–€di“kægerberos,“inclusa“nella“maggior“parte“delle“distribÌÐuzioni;“nei“deri•Àv“ati–€di“Fedora“siŽ¡‘0installa–€nel“percorso:“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:343) cvn H.B /DEST pdfmark endÊ/usr/share/doc/krb5-devel-1.2.2/apiÁ.Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:344) cvn H.B /DEST pdfmark endŸ ÕÈ‘0La–€documentazione“€è“nel“formato“LaT‘ÿLÐeX;“per“consultarla“si“deÀvÌÐono“generare“da“essa“i“le“dvi“che“poiŽ¡‘0possono–€leÙ ggersi“con“il“programma“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:345) cvn H.B /DEST pdfmark endxdvi.“Per“fægar“ci€ò“si“usano“i“comandi:Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:346) cvn H.B /DEST pdfmark endŸ ïps:SDict begin H.S endïps:SDict begin 11.7 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:347) cvn H.B /DEST pdfmark endŸ ˆû‘0Êbash$–ffcd“/usr/share/doc/krb5-devel-x.x.x/api/Ž¤ ³3‘0bash$‘ffsuŽ¡‘0bash#‘ffmakeŽ¡‘0bash#‘ff(^d)Ž¡‘0bash$–ffxdvi“library.dviŽŸŸ @ïps:SDict begin H.S endïps:SDict begin 13 H.A endïMps:SDict begin [ /View [/XYZ H.V] /Dest (0:sources) cvn H.B /DEST pdfmark endŸ4‚Nó!ú¼j phvb8tÌA.–ðFonti“di“appr••Üof“ondimentoïps:SDict begin H.S endïps:SDict begin 26.957 H.A endïGps:SDict begin [ /View [/XYZ H.V] /Dest (1.0) cvn H.B /DEST pdfmark endŽŸJÐïps:SDict begin H.S endïps:SDict begin 13 H.A endïKps:SDict begin [ /View [/XYZ H.V] /Dest (0:links) cvn H.B /DEST pdfmark endŸ)!¼ÃA.1.–ͽCollegamenti“a“documenti“perXstinentiïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (1.8.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:352) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:353) cvn H.B /DEST pdfmark endŸœ‚‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:354) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:355) cvn H.B /DEST pdfmark endÁKÀerberos–€V5“Installation“GuideŽŸ ‘:(http://web™Ÿ.mit.edu/kægerberos/www/krb5-1.2/krb5-1.2.6/doc/install_toc.html)ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:356) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÉÊ@Æ16ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'\¶‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.17) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xïcolor push BlackÉ€ˆï color popŽŽ’‚ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:357) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:358) cvn H.B /DEST pdfmark endÁKÀerberos–€V5“UNIX“User'‘ÿs8s“GuideŽ¤ ’‚(http://web™Ÿ.mit.edu/kægerberos/www/krb5-1.2/krb5-1.2.6/doc/userÌÐ-guide_toc.html)Ž‘H©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:359) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:360) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:361) cvn H.B /DEST pdfmark endÁKÀerberos–€V5“System“Administrator'‘ÿs8s“GuideŽ¡‘:(http://web™Ÿ.mit.edu/kægerberos/www/krb5-1.2/krb5-1.2.6/doc/admin_toc.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:362) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:363) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:364) cvn H.B /DEST pdfmark endÁUpgrading–€to“KšÀerberos“V5“from“K˜erberos“V4Ž¡‘:(http://web™Ÿ.mit.edu/kægerberos/www/krb5-1.2/krb5-1.2.6/doc/krb425_toc.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:365) cvn H.B /DEST pdfmark end¤ÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:366) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:367) cvn H.B /DEST pdfmark endÁKÀerberos–€F‘ÿBA‘ÿs8Q“(http://www–ÿY .nrl.naÌÐvy“.mil/CCS/people/k•ægenh/k“erberos-f“aq.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:368) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:369) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:370) cvn H.B /DEST pdfmark endÁDesigning–€an“Authentication“System:“a“Dialog“in“FÙ our“ScenesŽŸ ‘:(http://web™Ÿ.mit.edu/kægerberos/www/dialogue.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:371) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:372) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:373) cvn H.B /DEST pdfmark endÁHošÀw–€T‘ÿ37o“K˜erberize“Y‘þægour“Site“(http://www‘ÿY .ornl.goÙ v/~jar/Ho˜wT‘ÿ37oK˜erb™Ÿ.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:374) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:375) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:376) cvn H.B /DEST pdfmark endÁThe–€Moron'‘ÿs8s“Guide“to“KÀerberos“(http://www‘ÿY .isi.edu/gost/brian/security/kægerberos.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:377) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:378) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:379) cvn H.B /DEST pdfmark endÁAFS–€F‘ÿBA‘ÿs8Q“(http://www‘ÿY .angelre.com/hi/plutonic/afs-fægaq.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:380) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:381) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:382) cvn H.B /DEST pdfmark endÁThe–€KÀerberos“5“API“(http://cryptnet.net/mirrors/docs/krb5api.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:383) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:384) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:385) cvn H.B /DEST pdfmark endÁThe–€KÀerberos“5“Admin“API“(http://cryptnet.net/mirrors/docs/krb5adm_api.html)ŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïNps:SDict begin [ /View [/XYZ H.V] /Dest (0:websites) cvn H.B /DEST pdfmark endŸ+BTÃA.2.–ͽSiti“web“di“interesseïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (1.9.1) cvn H.B /DEST pdfmark endŽž7Eïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:388) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:389) cvn H.B /DEST pdfmark endŸ=w‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:390) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:391) cvn H.B /DEST pdfmark endÁMIT–€KÀerberos“W‘ÿ37ebsite“(http://web™Ÿ.mit.edu/kægerberos/www/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:392) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:393) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:394) cvn H.B /DEST pdfmark endÁThe–€NTP“DistribÌÐution“W‘ÿ37ebsite“(http://www‘ÿY .ntp.orÑðg/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:395) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:396) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:397) cvn H.B /DEST pdfmark endÁList–€of“Public“Stratum“2“NTP“ServÙ ers“(http://www‘ÿY .eecis.udel.edu/~mills/ntp/clock2b™Ÿ.html)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:398) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:399) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:400) cvn H.B /DEST pdfmark endÁOpenAFS–€W‘ÿ37ebsite“(http://www‘ÿY .openafs.orÑðg/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:401) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:402) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:403) cvn H.B /DEST pdfmark endÁHeimdal–€KÀerberos“W‘ÿ37ebsite“(http://www‘ÿY .pdc.kth.se/heimdal/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:404) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:405) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:406) cvn H.B /DEST pdfmark endÁThe–€Crypto“Publishing“Project“(http://www‘ÿY .crypto-publish.orÑðg/)“(Unrestricted“source“for“KÀerberosŽ¤ ‘:source‘€code)ŽŸÊ8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:407) cvn H.B /DEST pdfmark endŸ5È‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:408) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:409) cvn H.B /DEST pdfmark endÁSESAME–€(http://www‘ÿY .cosic.esat.kuleuvÙ en.ac.be/sesame/)“(Secure“European“System“for“ApplicationsŽ¡‘:in–€a“Multi-vÙ endor“En™Ÿvironment)ŽŸÊ8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:rfc) cvn H.B /DEST pdfmark endŸ+¢TÃA.3.–ͽRFC“sull'ar½°gomentoïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (1.10.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:412) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:413) cvn H.B /DEST pdfmark endŸœ‚‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:414) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:415) cvn H.B /DEST pdfmark endÁRFC2744:–€Generic“Security“Service“API“V‘þã×ersion“2:“C-bindingsŽ¡‘:(http://cryptnet.net/mirrors/rfcs/rfc2744.txt)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:416) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:417) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:418) cvn H.B /DEST pdfmark endÁRFC2743:–€Generic“Security“Service“Application“Program“Interfægace,“V‘þã×ersion“2“Update“1Ž¡‘:(http://cryptnet.net/mirrors/rfcs/rfc2743.txt)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:419) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:420) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:421) cvn H.B /DEST pdfmark endÁRFC2712:–€Addition“of“KÀerberos“Cipher“Suites“to“T¦gransport“Layer“Security“(TLS)Ž¡‘:(http://cryptnet.net/mirrors/rfcs/rfc2712.txt)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:422) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:423) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:424) cvn H.B /DEST pdfmark endÁRFC2078:–€Generic“Security“Service“Application“Program“Interfægace,“V‘þã×ersion“2Ž¡‘:(http://cryptnet.net/mirrors/rfcs/rfc2078.txt)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:425) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’É¡HÆ17ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'sV‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.18) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýš‘xïcolor push BlackÉ€ˆï color popŽŽ’‚ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:426) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:427) cvn H.B /DEST pdfmark endÁRFC1964:–€The“KÀerberos“V‘þã×ersion“5“GSS-API“Mechanism“(http://cryptnet.net/mirrors/rfcs/rfc1964.txt)Ž‘H¤*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:428) cvn H.B /DEST pdfmark end©ÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:429) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:430) cvn H.B /DEST pdfmark endÁRFC1510:–€The“KÀerberos“Netwægork“Authentication“Service“(V5)ŽŸ ‘:(http://cryptnet.net/mirrors/rfcs/rfc1510.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:431) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:432) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:433) cvn H.B /DEST pdfmark endÁRFC1509:–€Generic“Security“Service“API“:“C-bindings“(http://cryptnet.net/mirrors/rfcs/rfc1509.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:434) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:435) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:436) cvn H.B /DEST pdfmark endÁRFC1508:–€Generic“Security“Service“Application“Program“InterfægaceŽŸ ‘:(http://cryptnet.net/mirrors/rfcs/rfc1508.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:437) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:438) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:439) cvn H.B /DEST pdfmark endÁRFC1411:–€T‘ÿLÐelnet“Authentication:“KÀerberos“V‘þã×ersion“4“(http://cryptnet.net/mirrors/rfcs/rfc1411.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:440) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:441) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:442) cvn H.B /DEST pdfmark endÁRFC1305:–€Netwægork“T¦gime“Protocol“(V‘þã×ersion“3)“Specication,“Implementation“and“AnalysisŽŸ ‘:(http://cryptnet.net/mirrors/rfcs/rfc1305.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:443) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:444) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:445) cvn H.B /DEST pdfmark endÁRFC1119:–€Netwægork“T¦gime“Protocol“(V‘þã×ersion“2)“Specication“and“ImplementationŽŸ ‘:(http://cryptnet.net/mirrors/rfcs/rfc1119.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:446) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:447) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:448) cvn H.B /DEST pdfmark endÁRFC1059:–€Netwægork“T¦gime“Protocol“(V‘þã×ersion“1)“Specication“and“ImplementationŽŸ ‘:(http://cryptnet.net/mirrors/rfcs/rfc1059.txt)Ž¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:449) cvn H.B /DEST pdfmark end¦‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:450) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:451) cvn H.B /DEST pdfmark endÁRFC958:–€Netwægork“T¦gime“Protocol“(NTP)“(http://cryptnet.net/mirrors/rfcs/rfc958.txt)Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:other-ref) cvn H.B /DEST pdfmark endŸ+BTÃA.4.–ͽAltri“rifÓÅerimentiïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (1.11.1) cvn H.B /DEST pdfmark endŽž7Eïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:454) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:455) cvn H.B /DEST pdfmark endŸ=w‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:456) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:457) cvn H.B /DEST pdfmark endÁ[Applied–€Cryptographó7y]“Second“Edition,“Bruce“Schneier“[ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:458) cvn H.B /DEST pdfmark endISBN:“0-471-11709-9Ž¤ ‘:(http://www‘ÿY .amazon.com/e•Ù x“ec/obidos/tg/detail/-/0471117099/qid%3D1085516723/sr%3D11-Ž¡‘:1/ref%3Dsr%5F11%5F1/103-3431487-6727030?v=glance)]Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:resources) cvn H.B /DEST pdfmark endŸ+BTÃA.5.–ͽRisor½°se“a•ÓÅg“giuntiveïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (1.12.1) cvn H.B /DEST pdfmark endŽŸØ:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:461) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:462) cvn H.B /DEST pdfmark endŸœ‚‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:463) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:464) cvn H.B /DEST pdfmark endÁThe–€KÀerberos“Authentication“System“Mailing“List“(http://mailman.mit.edu/mailman/listinfo/kægerberos)Ž©*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:465) cvn H.B /DEST pdfmark endŸÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:466) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:467) cvn H.B /DEST pdfmark endÁThe–€KšÀerberos“Authentication“System“Mailing“List“Archi˜vÙ esŽ¡‘:(http://mailman.mit.edu/pipermail/kægerberos/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:468) cvn H.B /DEST pdfmark end¤ÕÈ‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:469) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:470) cvn H.B /DEST pdfmark endÁcomp.protocols.k•ægerberos›€(neÀws:comp.protocols.k“erberos)˜UseNet˜NeÀwsgroupŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïOps:SDict begin [ /View [/XYZ H.V] /Dest (0:companies) cvn H.B /DEST pdfmark endŸ+BTÃA.6.–ͽImprese“cÓÅhe“f§Œorniscono“consulenza“specializzata“suŽŸvÉK½°erber§Œosïps:SDict begin H.S endïps:SDict begin 22.464 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (1.13.1) cvn H.B /DEST pdfmark endŽž7Eïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:473) cvn H.B /DEST pdfmark endŸt¼ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:474) cvn H.B /DEST pdfmark endŸ=w‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:475) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:476) cvn H.B /DEST pdfmark endÁCybersafe,–€Ltd.“(http://www‘ÿY .cÙ ybersafe.ltd.uk/)Ž¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:477) cvn H.B /DEST pdfmark end¡‘0ïcolor push BlackÉ€ˆï color popŽŽ‘:ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:478) cvn H.B /DEST pdfmark endïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:479) cvn H.B /DEST pdfmark endÁe-T‘ÿLÐechServices.com,–€Inc.“(http://www‘ÿY .e-techservices.com/solutions/kægerberos/)“IBM“Business“PÙ artnerŽŸ*8ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:480) cvn H.B /DEST pdfmark endŽŸ0‘Hïcolor push Black’ÊÆ18ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'¥„‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.19) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ { ýŸ {‘HÌGlossario–ðdei“terminiïps:SDict begin H.S endïps:SDict begin 26.957 H.A endïGps:SDict begin [ /View [/XYZ H.V] /Dest (2.0) cvn H.B /DEST pdfmark endŽ‘HŸÂRïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:483) cvn H.B /DEST pdfmark endŸ ½®‘0ó"ú phvb8tÍASN.1ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.14.1) cvn H.B /DEST pdfmark endŽ©üïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:484) cvn H.B /DEST pdfmark endŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:485) cvn H.B /DEST pdfmark endŸ à‘DÁAbstract–€Syntax“Notation“One“[notazione“sintattica“astratta“uno].“ASN.1“€è“una“notazione“usata“perŽ¤ ‘DdescriÀvÙ ere–€messaggi,“come“sequenze“di“componenti.“ASN.1“€è“utilizzata“per“rappresentare“ilŽ¡‘Dcontenuto–€dei“datagrammi“di“KÀerberos;“la“sua“conoscenza“€è“utile“soltanto“agli“sviluppatori“diŽ¡‘DapplicatiÀvi.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:487) cvn H.B /DEST pdfmark end¡‘0ÍA³7uthenticatorïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.15.1) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:488) cvn H.B /DEST pdfmark endŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:489) cvn H.B /DEST pdfmark endŸ à‘DÁUn–€record“che“contiene“informazioni“che“possono“essere“esibite“nell'eÀvidenza“che“sono“stateŽ¡‘Dgenerate–€di“recente“usando“la“chiaÌÐvšÙ e“di“sessione“nota“soltanto“al“client“e“al“serv˜er‘ÿs8.“(Denizione“daŽ¡‘Dïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:490) cvn H.B /DEST pdfmark endRFC1510‘€(http://cryptnet.net/mirrors/rfcs/rfc1510.txt))ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:492) cvn H.B /DEST pdfmark end¡‘0ÍCredenzialiïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.16.1) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:493) cvn H.B /DEST pdfmark end©ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:494) cvn H.B /DEST pdfmark endŸ à‘DÁUn–€tickæget“per“il“servšÙ er“e“una“chiaÌÐv˜e“di“sessione“che“€è“utilizzata“per“autenticare“il“principal.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:496) cvn H.B /DEST pdfmark end¡‘0ÍCrÌÐoss-Realm–ǧA³7uthentication“[autenticazione“trasverÙ sale“ai“realm]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.17.1) cvn H.B /DEST pdfmark endŽŸædïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:497) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:498) cvn H.B /DEST pdfmark endŸ œ‘DÁKÀerberos–|Êpu€ò›|Ëconsentire“a˜un“KDC“di“un˜realm“di˜autenticare“un“principal˜in“un˜altro“realm˜se“esisteŽ¡‘Dun–€seÙ greto“condiÀviso“da“entrambi“i“realm;“questa“autenticazione“tra“i“realm“€è“detta“cross-realmŽ¡‘Dauthentication.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:500) cvn H.B /DEST pdfmark end¡‘0ÍData–ǧEncr˜yption“StandarÌÐd“[DES]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.18.1) cvn H.B /DEST pdfmark endŽŸèïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:501) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:502) cvn H.B /DEST pdfmark endŸ î‘DÁUn–€algoritmo“di“cifratura“che“€è“stato“l'algoritmo“uciale“del“Go•Ù v“erno›€de“gli˜Stati˜Uniti,˜sviluppatoŽ¡‘Ddall'IBM–€con“la“collaborazione“della“NSA.“L‘ÿ'algoritmo“€è“un“cifrario“a“blocchi“ssi“di“sediciŽ¡‘Dcaratteri–€che“usa“un“blocco“di“64“bit“e“una“chiaÌÐvÙ e“di“56“bit.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:504) cvn H.B /DEST pdfmark end¡‘0ÍForwar•ÌÐdabægle›ǧTic“ket˜[Tic“ket˜inoltrabile]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.19.1) cvn H.B /DEST pdfmark endŽŸædïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:505) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:506) cvn H.B /DEST pdfmark endŸ œ‘DÁUn–€tickšæget“concesso“dal“KDC“che“consente“agli“utenti“di“richiedere“tick˜et“addizionali“con“indirizzi“IPŽ¡‘Ddierenti;–€in“pratica“si“tratta“di“un“TGT“che“permette“ai“principal“autenticati“di“ottentere“tickæget“vÀalidiŽ¡‘Dper–€altre“macchine“aggiuntiÀvÙ e.ŽŸ@ŽŸ0‘Hïcolor push Black’ÊÆ19ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'Î\‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.20) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:508) cvn H.B /DEST pdfmark endŸ ‘0ÍGeneric–ǧSecurity“Ser˜vices“Application“PrÌÐogramming“Interface“[GSS-API]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.20.1) cvn H.B /DEST pdfmark endŽŸ9“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:509) cvn H.B /DEST pdfmark end©ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:510) cvn H.B /DEST pdfmark endŸ Æm‘DÁUn–€insieme“di“associazioni“del“linguaggio“C“che“fornisce“servizi“di“sicurezza“alla“funzioneŽ¤ ‘Dchiamante;–€l'API“pu€ò“essere“implementata“su“všÀari“sistemi“di“crittograa,“fra“i“quali“K˜erberos.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:512) cvn H.B /DEST pdfmark end¡‘0ÍK•Ù e“y–ǧDistribÌÐution“Center“[KDC]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.21.1) cvn H.B /DEST pdfmark endŽŸèïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:513) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:514) cvn H.B /DEST pdfmark endŸ î‘DÁLa–€macchina“e“il“softwægare“che“rišÀvÙ este“il“ruolo“di“arbitro“di“ducia“nel“protocollo“K˜erberos.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:516) cvn H.B /DEST pdfmark end¡‘0ÍKÙ erberÌÐosïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.22.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:517) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:518) cvn H.B /DEST pdfmark endŸ à‘DÁUn–cŽprotocollo“di“autenticazione“che“si“appoggia“a“una“terza“parte“data“(arbitro)“per“l'autenticazioneŽ¡‘Ddei–€client“in“una“rete“TCP“IP‘þã×.“Il“protocollo“€è“stato“progettato“in“modo“che“sulla“rete“siano“trasmessiŽ¡‘Dtickšæget–€cifrati“anzich€é“passw˜ord“in“chiaro,“gó7arantendo“l'autenticazione“sicura“attraÌÐvÙ erso“la“rete.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:520) cvn H.B /DEST pdfmark end¡‘0ÍKÙ erberiz˜eïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.23.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:521) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:522) cvn H.B /DEST pdfmark endŸ à‘DÁ[Neologismo–€americano“che“si“€è“preferito“tradurre“con“circumlocuzioni,“essendo“poco“in“usoŽ¡‘Dl'omologo–€italiano.“-“NdT]“(vÙ erbo“transitiÀvÌÐo)“L‘ÿ'azione“di“modicare“un“sistema,“un“servizio“o“unŽ¡‘Dprogramma–gèin“maniera“che“utilizzi“KšÀerberos‘gçper“l'autenticazione.“(aggetti˜vÌÐo“kægerberized)“Un“sistema,Ž¡‘Dservizio–€o“programma“che“supporta“l'autenticazione“attraÌÐvÙ erso“KÀerberos.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:524) cvn H.B /DEST pdfmark end¡‘0ÍNetwšÌÐork–ǧTime“Pr˜otocol“[NTP]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.24.1) cvn H.B /DEST pdfmark endŽŸædïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:525) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:526) cvn H.B /DEST pdfmark endŸ œ‘DÁUn–€protocollo“usato“per“sincronizzare“gli“orologi“dei“computer“e“dei“router“in“internet.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:528) cvn H.B /DEST pdfmark end¡‘0ÍP™Ÿostdatabægle–ǧticšÌÐket“[Tic˜ket“postdatato]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.25.1) cvn H.B /DEST pdfmark endŽŸèïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:529) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:530) cvn H.B /DEST pdfmark endŸ î‘DÁIn–€KšÀerberos“5,“un“tickæget“che“non“€è“v˜alido“inizialmente“e“che“lo“di˜vÙ enter€à“in“futuro;“i“tickæget“K˜erberosŽ¡‘Dnormali–€sono“vÀalidi“dal“momento“della“richiesta“a“quello“della“scadenza.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:532) cvn H.B /DEST pdfmark end¡‘0ÍPreauthenticationïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.26.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:533) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:534) cvn H.B /DEST pdfmark endŸ à‘DÁAutenticazione›€aggiunti•Àv“a˜che˜ha˜luogo˜prima˜che˜un˜KDC˜conceda˜un˜TGT˜a˜un˜principal;˜unŽ¡‘Desempio–€pu€ò“essere“la“soddisfægazione“dei“requisiti“di“un“sistema“biometrico.ŽŸ@ŽŸ0‘Hïcolor push Black’ÊÆ20ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'åÀ‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.21) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:536) cvn H.B /DEST pdfmark endŸ ‘0ÍPrincipalïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.27.1) cvn H.B /DEST pdfmark endŽ¤èïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:537) cvn H.B /DEST pdfmark end©ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:538) cvn H.B /DEST pdfmark endŸ î‘DÁUn–€utente“o“servšÙ er“per“il“quale“il“KDC“conservÀa“una“chiaÌÐv˜e“se˜greta“nel“proprio“database.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:540) cvn H.B /DEST pdfmark endŸ ‘0ÍPr•ÌÐo³7xiabægle›ǧTic“ket˜[Tic“ket˜per˜pr“ocura]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.28.1) cvn H.B /DEST pdfmark endŽ¡ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:541) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:542) cvn H.B /DEST pdfmark endŸ î‘DÁIn–€KšÀerberos“5,“un“tickæget“che“permette“di“richiedere“un“TGT“per“un“indirizzo“IP“alternati˜vÌÐo.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:544) cvn H.B /DEST pdfmark end¤ ‘0ÍRealmïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.29.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:545) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:546) cvn H.B /DEST pdfmark endŸ à‘DÁL‘ÿ'ambito–€della“distribÌÐuzione“di“KÀerberos;“precisamente,“il“dominio“dell'orÑðgó7anizzazione“per“cui“ilŽ¡‘DKDC–€€è“considerato“di“ducia“e“pu€ò“autenticare“i“principal.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:548) cvn H.B /DEST pdfmark end¡‘0ÍReneÙ wabægle–ǧTicšÌÐket“[Tic˜ket“Rinno˜v˜abile]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.30.1) cvn H.B /DEST pdfmark endŽŸædïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:549) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:550) cvn H.B /DEST pdfmark endŸ œ‘DÁIn–fuKÀerberos“5,›ftun“tickæget“con“una“durata˜di“rinnoÙ vÌÐo“in“aggiunta“alla˜durata“ordinaria“del“tickšæget.“I‘fntick˜etŽ¡‘DrinnoÙ všÀabili–€possono“essere“usati“per“acquisire“ulteriori“tickæget“dal“KDC“nch€é“sono“v˜alidi;“i“tickægetŽ¡‘DrinnošÙ vÀati–€possono“essere“richiesti“no“alla“scadenza“di“rinno˜vÌÐo“del“tickæget“rinno˜vÀabile“originario.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:552) cvn H.B /DEST pdfmark end¡‘0ÍSaltïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.31.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:553) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:554) cvn H.B /DEST pdfmark endŸ à‘DÁUn–€seme“usato“nella“cifratura“delle“passwægord“per“aumentare“il“numero“dei“risultati“che“€è“possibileŽ¡‘Dottenere–€come“testo“cifrato“a“partire“dallo“stesso“testo“in“chiaro;“l'uso“del“seme“€è“una“misura“cheŽ¡‘DproteÙ gge–€le“passwægord“cifrate“dagli“attacchi“del“dizionario.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:556) cvn H.B /DEST pdfmark end¡‘0ÍStash‘ǧFileïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.32.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:557) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:558) cvn H.B /DEST pdfmark endŸ à‘DÁIl–€le“do•Ù v“e–€sono“conservÀate“le“chiaÌÐvi“seÙ grete.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:560) cvn H.B /DEST pdfmark end¡‘0ÍTicÌÐketïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.33.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:561) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:562) cvn H.B /DEST pdfmark endŸ à‘DÁUn–€messaggio“formato“dall'identit€à“del“client,“una“chiaÌÐvÙ e“di“sessione,“un“riferimento“temporale“eŽ¡‘Daltre–fþinformazioni,›fÿtutte“cifrate˜con“la“chiaÌÐv•Ù e˜se“greta‘fþdel˜serv“er;–fþ€è“usato˜per“costruire˜il“procedimentoŽ¡‘Ddi‘€autenticazione.ŽŸ@ŽŸ0‘Hïcolor push Black’ÊÆ21ŽŽŽŽŽŽŽ’Ôï color popŽŽŒ‹'þI‘·ºâŸ·ºâïþps:SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end ç ýU‘Hïcolor push Blackïcolor push gray 0ïps:SDict begin H.S endïcolor push gray 0ï color popŽïps:SDict begin H.R endïKps:SDict begin [ /View [/XYZ H.V] /Dest (page.22) cvn H.B /DEST pdfmark endï color popŸüfd’PÆK¦gerberŒÏos–€InfrÙ astructur¡Ge“HO‘ÿÿWTÑðOŽŽŽŽŽŽŽ’Ôï color popŽŽ {‘H ýïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:564) cvn H.B /DEST pdfmark endŸ ‘0ÍTicÌÐket–ǧGranting“Ser˜vice“[TGS]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.34.1) cvn H.B /DEST pdfmark endŽ©9“ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:565) cvn H.B /DEST pdfmark endŸïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:566) cvn H.B /DEST pdfmark endŸ Æm‘DÁUn–€servizio“che“€è“autorizzato“e“orÑðgó7anizzato“per“rilasciare“tickæget“ai“client“dopo“che“essi“hannoŽ¤ ‘DriceÀvuto–€un“Tš¦gickæget“Granting“T˜ickæget“(TGT).ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:568) cvn H.B /DEST pdfmark end¡‘0ÍTicšÌÐket–ǧGranting“Tic˜ket“[TGT]ïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.35.1) cvn H.B /DEST pdfmark endŽ¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:569) cvn H.B /DEST pdfmark end©ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:570) cvn H.B /DEST pdfmark endŸ Æm‘DÁUn–€tickæget“contentente“una“chiaÌÐvÙ e“di“sessione“utilizzabile“per“la“comunicazione“fra“i“client“e“il“KDC.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:572) cvn H.B /DEST pdfmark end¡‘0ÍT‘ÿ37ransitive–ǧCrÌÐoss-Realm“A³7uthenticationïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.36.1) cvn H.B /DEST pdfmark endŽŸüïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:573) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:574) cvn H.B /DEST pdfmark endŸ à‘DÁIn–€KÀerberos“5,“la“possibilit€à“di“formare“una“catena“di“ducia“attraÌÐvÙ erso“i“realm“in“modo“che“se“unŽ¡‘Dprincipal–€nel“realm“X“ha“bisogno“di“autenticare“un“principal“nel“realm“Z,“non“€è“necessario“che“ilŽ¡‘DKDC–€del“realm“X“condišÀvida“un“seÙ greto“con“il“realm“Z,“se“entrambi“condi˜vidono“un“seÙ greto“con“ilŽ¡‘Drealm–€Y‘ÿ;“quest'ultimo“funge“da“intermediario“nel“percorso“di“ducia.ŽŸ@Ÿ€ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:576) cvn H.B /DEST pdfmark end¡‘0ÍT‘ÿ37riple‘ǧDESïps:SDict begin H.S endïps:SDict begin 13 H.A endïJps:SDict begin [ /View [/XYZ H.V] /Dest (2.37.1) cvn H.B /DEST pdfmark endŽŸèïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:577) cvn H.B /DEST pdfmark end¦ïps:SDict begin H.S endïps:SDict begin 13 H.A endïIps:SDict begin [ /View [/XYZ H.V] /Dest (0:578) cvn H.B /DEST pdfmark endŸ î‘DÁUna–€vÀariante“di“DES“che“cifra“i“dati“tre“všÌÐolte“con“DES,“usando“due“chia˜vi“dierenti.ŽŸ@ŽŸ0‘Hïcolor push Black’ÊÆ22ŽŽŽŽŽŽŽ’Ôï color popŽŽŒøă’À;誺âÓºâ ó"ú phvb8tó!ú¼j phvb8tó‰š pcrr8tóXlï' ptmr8cóúff phvb8tóϯ8 ptmri8tóáÚŽ phvr8tóú phvb8tóúG® phvb8tóúâ phvb8tó?Á|‰ ptmr8tù$™ßßßßß