Mike edited this page Nov 17, 2018 · 12 revisions

#Welcome to the Heimdal wiki!

What is Heimdal/Kerberos?

Heimdal is a free implementation of the Kerberos V network authentication protocol, which is a system for authenticating users and services on a network.

It is built upon the assumption that the network is “unsafe”. For example, data sent over the network can be eavesdropped and altered, and addresses can also be faked. Therefore they cannot be used for authentication purposes. Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called principals). All principals share a secret password (or key) with the kerberos server and this enables principals to verify that the messages from the kerberos server are authentic. Thus trusting the kerberos server, users and services can authenticate each other.

The name Kerberos comes from Κέρϐερος in Greek or Cerberus in Latin, it describes the fierce three-headed dog with the tail of a dragon, and the heads of multiple snakes along his back who stands vigilantly in place to prevent the passage of unauthorized persons. -Apollodorus II. v. xi-xii.

Read a more technical explanation on Kerberos, attacks, and strategies.

The goals of Heimdal are to:

  • Have an implementation that can be freely used by anyone
  • Be protocol compatible with existing implementations and, if not in conflict, with RFC 4120 (and any future updated RFC). RFC 4120 replaced RFC 1510.
  • Be reasonably compatible with the M.I.T Kerberos V5 API
  • Have support for Kerberos V5 over GSS-API (RFC1964)
  • Include the most important and useful application programs (rsh, telnet, popper, etc.)

Other free versions of Kerberos are available from MIT and Shishi. Microsoft Windows and Sun's Java come with implementations of Kerberos.

Code/Download

The code is currently at release 1.5 and is available at www.h5l.org/dist/ and is mirrored by Sunet. Also available are the source code and older release histories. You can browse the source code using repo.or.cz or github.

Heimdal git repository

To pull down the Heimdal git repository use the following commands. To read more about git, read the Git Community book.

git clone git://svn.h5l.org/heimdal.git

Heimdal master (development branch)

git clone git://svn.h5l.org/heimdal.git

cd heimdal

autoreconf -f -i

Heimdal 1.5 release branch

git clone git://svn.h5l.org/heimdal.git

cd heimdal

git checkout -b heimdal-1-5-branch origin/heimdal-1-5-branch

autoreconf -f -i

All code is signed with Heimdal's signing key.

Project Acknowledgements
Heimdal / Kerberos Copyrights and Licenses information

Bug reports, Project Status, Contributions, and Mailing list

There are several ways you can contribute to the Heimdal Project, follow the projects status, submit bug reports or subscribe to the mailing lists.

Bug reports, Project Status, and Mailing list

Heimdal documentation

Heimdal API documentation

  • GSS-API - GSS-API interface
  • krb5 - Kerberos 5 API
  • ntlm - NTLMv1 and v2 API
  • wind - stringprep library with unicode functions
  • hx509 - X.509 library
  • hcrypto - Crypto library, API compatible with OpenSSL's libcrypto (enough for Heimdal to link with either)
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.