Ask the Expert

How Kerberos, PKI and IPsec interoperate

Are Kerberos, PKI and IPsec interoperable?

    Requires Free Membership to View

Yes, all three are interoperable. The real question is, how? Since these are three separate and totally unrelated systems, let's examine each.

PKI (public key infrastructure), is a repository and management system for digital certificates. It can be the central authority in an organization for issuing, managing, storing, verifying, distributing and (eventually) retiring such certificates.

IPsec is a secure encrypted tunnel between two hosts communicating openly over the Internet. It's used in VPNs (virtual private networks) to provide authentication and confidentiality for traffic sent between the hosts.

Kerberos is an intricate encryption system that uses a series of tickets created and distributed by a central Kerberos server. It maintains security by issuing unique tickets for each session and transaction. Windows 2000, Windows XP and Windows 2003 Server are examples of systems that can use Kerberos.

How does it all come together? IPsec can use Kerberos for authentication and PKI to manage its digital certificates. There are packages available for mixing, matching and integrating all three systems. However, before any implementation, you should thoroughly evaluate their impact on the performance of your systems. You should also look at the number of users you have and their needs.

Each of the three systems has its pluses and minuses. PKI is not universal, Kerberos can be tricky to implement and install, and IPsec can be successfully set up without using either. Again, the best advice is to evaluate and plan before implementation.


More Information
 

This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: