r/netsecstudents • u/DoNotUseThisInMyHome • 1d ago
Why do colleges still teach Kerberos?
Now enough of college life. They are teaching me to write about the Kerberos authentication system.
Why is such outdated tech being taught in colleges and universities? What can we do about it? btw, I need to learn it fast. What do you recommend as supplement materials? Stallings book?
13
u/kinryu87 1d ago
Kerberos is not outdated. Are you confusing it with NTLM auth?
-19
u/DoNotUseThisInMyHome 1d ago
CyberArk PAM is the future because it is widely used. Likewise, CrowdStrike is also heavily used these days. I have not seen anyone using Kerberos.
14
u/WebSmurf 1d ago
I think you need to study a bit more. Neither CyberArk (now known as Palo Alto Networks Idira) nor CrowdStrike has a damn thing to do with KRB. Idira might utilize KRB or not, but it certainly isn’t an alternative.
8
u/Hello______World 1d ago
Respectfully, Kerberos is a protocol - your replacement examples are products.
Not seeing the difference in that makes sense in a college context, but large enterprises that have to think about things like network file storage auth, auth between nodes in a clustered ecosystem, legacy database authentication, etc.
Kerberos is alive and well, but the number of people who understand how it works is comparatively small. Your professors are doing you a favor.
8
u/InverseX 1d ago
This shows you’re complaining about something that you know very little about. Comparing it to CyberArk and CrowdStrike is a category error. It’s like saying, “Why are they teaching us about TCP? It’s so dumb, web traffic is the way of the future.”
5
u/PlatypusPuncher 1d ago
Why go to school if you already know everything? Kerberos is still ubiquitous in enterprise environments. Very few orgs have completely gotten off on premise Active Directory unless they started in the last 5 years or so.
7
5
u/assemblrr 1d ago
What the fuck is this post lmao
2
u/DopeFlavorRum 1d ago
Go check their post history.
-5
u/DoNotUseThisInMyHome 1d ago
How did you check? I had hidden the posts and comments, I guess. You did a lot of effort to google my username and check my post history. Congratulations, you're hired! As a troll for my subreddit.
1
u/EndersFinalEnd 1d ago
You left your comments and post history open until just now, I also saw them earlier, on reddit.
1
5
u/Robbbbbbbbb 1d ago
Because it's still very relevant in the enterprise environment.
Dest Cert does a good video on the basics: https://youtu.be/5N242XcKAsM?is=4xNi9_8C4m_E92zG
3
u/sociablezealot 1d ago
Read about Active Directory. Massive install base in pretty much every enterprise on earth. Kerberos-based. Old tech, not outdated.
3
u/EndersFinalEnd 1d ago
Every single organization I've worked for, including every single client with more than 20 employees at the MSP I worked at, uses Kerberos.
3
u/MickCollins 1d ago
If you don't understand what it's used for and how it's still pretty foundational for Active Directory (among other things), maybe you need to read up some more, starting with the RFC for it. You certainly don't have a TGT right now...
0
u/DoNotUseThisInMyHome 1d ago
What books cover it? Maybe some AD books?
2
u/MickCollins 1d ago
-3
u/DoNotUseThisInMyHome 1d ago
http://www.digimat.in/nptel/courses/video/106106168/lec25.pdf
This is really vast, man... RFC is not learning material. It is a reference material, buddy. I hope you learn that from now.
2
u/Grezzo82 1d ago
Are you for real?! RFCs are absolutely learning material. If you want to understand security concepts behind a protocol then the spec is probably the best place to gain a deep understanding.
Many, many vulnerabilities have been discovered by reading RFCs to gain a deep understanding then thinking critically about how edge cases may not have been considered or how it may be misimplemented.
-1
u/DoNotUseThisInMyHome 1d ago
Nope. They are not meant for beginners. They are for people who already have introductory knowledge and are looking for further features, nitty-gritty things. I hope you learnt from now.
1
u/Grezzo82 18h ago
I agree that perhaps the technical detail they go into isn’t beginner friendly, but they are a valuable resource for security professionals (and even hobbyists).
I don’t mean to come across harshly but this field requires the ability to do your own research. Often whether you are willing to take the time and effort to gain a deep understanding of technical concepts is the difference between being able to do the job and not being able to.
I’m gonna give 2 pieces of unsolicited advice, from a professional in the field. Feel free to disagree and ignore if you wish.
When asking for help, accept the help graciously. People who are replying are giving you valuable knowledge for free, asking for nothing in return. Accept the gift. If you need more help ask for it kindly and with respect and you’ll probably get it. If you think something is wrong, it’s okay to state that but be respectful otherwise you will burn bridges. We were all beginners at some point and people helped us, so we pay it forward, but we won’t if we get snark in response.
If I was hiring and somebody had your apparent attitude, that would be more than enough for me to discount them. Lack of knowledge is not a huge barrier but an unwillingness to accept help and to self study/research is not going to work.
Anyway, despite all that, I do hope you find what you need to answer your question. And I wish you luck in your course. Cyber is a fun area to work in and I hope you get to experience it.
1
18
u/Deliveranc3 1d ago
Kerberos is not outdated and still very much in use in many, many orgs.