Q

How Kerberos, PKI and IPsec interoperate

In this Ask the Expert Q&A, our identity and access management expert explains how these three unrelated systems interoperate to authenticate and manage digital certificates.

Are Kerberos, PKI and IPsec interoperable?

Yes, all three are interoperable. The real question is, how? Since these are three separate and totally unrelated systems, let's examine each.

PKI (public key infrastructure), is a repository and management system for digital certificates. It can be the central authority in an organization for issuing, managing, storing, verifying, distributing and (eventually) retiring such certificates.

IPsec is a secure encrypted tunnel between two hosts communicating openly over the Internet. It's used in VPNs (virtual private networks) to provide authentication and confidentiality for traffic sent between the hosts.

Kerberos is an intricate encryption system that uses a series of tickets created and distributed by a central Kerberos server. It maintains security by issuing unique tickets for each session and transaction. Windows 2000, Windows XP and Windows 2003 Server are examples of systems that can use Kerberos.

How does it all come together? IPsec can use Kerberos for authentication and PKI to manage its digital certificates. There are packages available for mixing, matching and integrating all three systems. However, before any implementation, you should thoroughly evaluate their impact on the performance of your systems. You should also look at the number of users you have and their needs.

Each of the three systems has its pluses and minuses. PKI is not universal, Kerberos can be tricky to implement and install, and IPsec can be successfully set up without using either. Again, the best advice is to evaluate and plan before implementation.


More Information
 

This was first published in November 2005

Dig deeper on PKI and Digital Certificates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close