Yes, all three are interoperable. The real question is, how? Since these are three separate and totally unrelated...
systems, let's examine each.
PKI (public key infrastructure), is a repository and management system for digital certificates. It can be the central authority in an organization for issuing, managing, storing, verifying, distributing and (eventually) retiring such certificates.
IPsec is a secure encrypted tunnel between two hosts communicating openly over the Internet. It's used in VPNs (virtual private networks) to provide authentication and confidentiality for traffic sent between the hosts.
Kerberos is an intricate encryption system that uses a series of tickets created and distributed by a central Kerberos server. It maintains security by issuing unique tickets for each session and transaction. Windows 2000, Windows XP and Windows 2003 Server are examples of systems that can use Kerberos.
How does it all come together? IPsec can use Kerberos for authentication and PKI to manage its digital certificates. There are packages available for mixing, matching and integrating all three systems. However, before any implementation, you should thoroughly evaluate their impact on the performance of your systems. You should also look at the number of users you have and their needs.
Each of the three systems has its pluses and minuses. PKI is not universal, Kerberos can be tricky to implement and install, and IPsec can be successfully set up without using either. Again, the best advice is to evaluate and plan before implementation.
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.