Kerberos

Kerberos is a network authentication protocol that is designed to provide strong authentication for client/server applications using secret-key cryptography. The Kerberos network authentication protocol assumes that services and workstations communicate over an insecure network. It allows clients and servers to do either one way, or two way (mutual) authentication. It allows for data encryption and prevents passwords from having to be retyped to access networked services and also prevents their transmission in plain text over the network. This feature can help reduce the need to manage multiple passwords.

z/OS® Integrated Security Services ships Kerberos version 5. You should write new applications to Kerberos version 5 and use z/OS Integrated Security Services.

The following Communications Server IP applications include support for the Kerberos version 5 security protocol:

• The UNIX System Services Telnet server allows clients supporting Kerberos version 5 (as described in RFC 1416) to log in to the shell environment using Kerberos as the authentication protocol.
• The FTP client and server support connections to or from other clients and servers supporting Kerberos version 5 authentication for the FTP protocol (as described in RFC 2228).
• The UNIX System Services RSH server can be configured to support client authentication using Kerberos from RSH clients supporting Kerberos version 5.