https://stackoverflow.com/questions/21602683
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianAccording to link (in your question), you've run command: sudo apt-get install krb5-kdc krb5-admin-server. This command installs Kerberos KDC in version 5. The exact version number depends on version of your Ubuntu: https://launchpad.net/ubuntu/+source/krb5.
Generally there are two API versions of Kerberos (4 - almost completely extinct) and 5 (currently used). There are 3 variants of version 5. They can be distinguished by OID (object identifier), which can be found in Kerberos ticket, in SPNEGO token, caught by Wireshark:
OID: 1.3.5.1.5.2 - Kerberos 5, RFC 1510 (obsolete) https://www.rfc-editor.org/rfc/rfc1510#section-8.2.2
OID: 1.3.6.1.5.2 - Kerberos 5, RFC 4120 (current) https://www.rfc-editor.org/rfc/rfc4120#section-7.4 (this most probably would be sending Ubuntu implementation)
OID: 1.2.840.113554.1.2.2.1 (or OID 1.2.840.48018.1.2.2) - Microsoft Kerberos 5, RFC 1964 & MS-KILE - http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/%5BMS-KILE%5D.pdf, section 3.1.1.6. This one I'm getting from Active Directory on Windows 2008 Server.
Implementation of Kerberos (i.e. GSS-API) is also standarized, there's version 1 and 2. Standard SSO scenarios require only basic features (from version 1) which are widely implemented.
Implementations differ a lot, i.e. it's getting much better with time, more and more features from RFCs are implemented, so it's best to use components in latest versions.
