Version 5 was the first version that achieved use beyond MIT for administrative purposes. While many users found it helpful, it had a few shortfalls. Thus, version 5 of this authenticating tool addressed most issues raised by those who used version 4. Also, version 5 is useful in more environments and situations than version 4.
This article will highlight several differences between Kerberos 5 (KBR5) and Kerberos 4. This article will also provide a step-by-step guide on checking the Kerberos Linux on your Linux.
Differences Between Version 4 and Version 5
The following table provides some notable differences between the Kerberos version 4 and Kerberos version 5:
|Kerberos Version 4||Kerberos Version 5|
|Launched in the late 1980s||Launched in 1993|
|Provides ticket support||It provides ticket support and additional functions to renew, forward, and post-date tickets|
|Works on the principle that the receiver will always make the right encoding system||Utilizes the ASN.1 encoding system|
|Encrypts using Data Encryption Standard||It can use any encryption method since the cipher text always has an encryption identifier|
|It specifies ticket lifetimes in units for each lifetime of 5 mins||You can enjoy the freedom of arbitrary time when specifying ticket lifetimes|
Step by Step Guide on How To Check the Kerberos Version in Your Linux
Of course, you should always know the version of your Kerberos before you consider configuring your Linux for authentication. The following steps will come in handy;
Step1: Check if Your Linux Machine Has a Kerberos Installation
Notably, you will only check your Kerberos version if you do not have Kerberos on your Linux. Thus, the first step will be to check if you have Kerberos installed on your computer. The following command should come in handy:
Step 2: Use the Kinit Tool To Create Yourself a Ticket
The Kinit tool comes in handy in obtaining and caching Kerberos tickets. So, it would be appropriate to use the tool to create a ticket. Without Kerberos tickets, authenticating or getting the details of your Kerberos can be a nightmare. The syntax for the Kinit command is
[-V] [-l lifetime] [-s] [-r] [-p | -P] [-f or -F] [-a] / [-A] [-C] [-E] [-v] [-R] [-k [-t] [-c cache_name] [-n] [-S] [-T armor_ccache] [-X [=value]] [principal]
A ticket with a lifetime of 5 days and 10 hours for user KenHint will often look like this:
Step 3: Use the Klist Tool To Check Your Credentials
Once you create a ticket, you can view the credentials using the Klist tool. The Klist command is another widely used Kerberos Linux command. Its synopsis is klist
[-e] [[-c] [-l] [-A] [-f] [-s] [-a [-n]]] [-k [-t] [-K]] [cache_name | keytab_name]
Usually, your credentials will always look like this:
Step 4: Check the Kerberos Packages Installed
You need to know all the packages installed in your Linux Kerberos. Indeed, your list of packages will always have details similar to the ones on the following screenshot. Note that your realm and user names will always change to reflect your actual details.
Step 5: Check Your Kerberos Version
Finally, it is time to determine the version of Kerberos installed in your Linux machine. The following command will help you check the correct Kerberos version in your Linux:
With this article’s information, I believe you can determine the Kerberos version on your Linux. This plays a significant role in using Kerberos correctly since each version has a different functional level. Still, it is vital to note that you should continue using Version 5 as it is the most developed and offers an array of capabilities.