f



kerberos and LDAP.

hi :), Can someone list me  the kerberos servers that
store the principal information in the directory. we
want to integrate the user info in ldap with the
authentication info of kerberos. Is there any kerberos
server and ldap server with this kind of a support?
thanks you in advance.


	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
ban_medha (1)
4/28/2004 10:13:51 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

2 Replies
494 Views

Similar Articles

[PageSpeed] 29

>>>>> "Medha" == Medha B <ban_medha@yahoo.com> writes:

    Medha> hi :), Can someone list me the kerberos servers that store
    Medha> the principal information in the directory. we want to
    Medha> integrate the user info in ldap with the authentication
    Medha> info of kerberos. Is there any kerberos server and ldap
    Medha> server with this kind of a support?  thanks you in advance.

http://www.bayour.com/LDAPv3-HOWTO.html
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
turbo (33)
4/28/2004 11:46:30 AM
Hello medha,

The latest verision on HP-UX Kerberos server 3.1, will have the 
necessary support to store Kerberos principals in the LDAP directory. 
The product will be available soon on http://software.hp.com.

Please let me know if you have any further queries w.r.t how to 
configure etc.

best regards,
Shankar


Medha B wrote:
> hi :), Can someone list me  the kerberos servers that
> store the principal information in the directory. we
> want to integrate the user info in ldap with the
> authentication info of kerberos. Is there any kerberos
> server and ldap server with this kind of a support?
> thanks you in advance.
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Win a $20,000 Career Makeover at Yahoo! HotJobs  
> http://hotjobs.sweepstakes.yahoo.com/careermakeover 
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

0
rshankar (1)
4/30/2004 5:29:44 AM
Reply:

Similar Artilces:

Trouble authenticating with Kerberos & LDAP
I've been very frustrated trying to get this to work. We are trying to use a windows 2003 server as our Kerberos server, along with our openldap on solaris as our directory server. The machines we want to authenticate on are all Solaris 9. The ldap tree is fully populated, and working properly. With our current nsswitch.conf, logins work using the ldap directory (with posixAccount & shadowAccount records), as does a getent passwd <ldapusername>. Also, we have our Windows 2003 server's directory setup with named users, and with our current pam.conf, we can authenticate aga...

replacing Heimdal with MIT Kerberos, and Kerberos key attributes in LDAP back-end
Hi all Since we are migrating from Debian to RedHat, we are considering replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT Kerberos server (again with LDAP back-end) since RedHat packages are only available for MIT Kerberos. In order to make this migration/upgrade as transparent as possible for our users, we want to convert all the necessary info in the Heimdal back-end to the MIT back-end. Are there any pointers available for this kind of operation? E.g. things like conversion tables mapping the corresponding Kerberos-specific LDAP attributes? Or even scripts? I'm especially looking at the Kerberos key attributes, i.e. - Heimdal: krb5Key - MIT: krbPrincipalKey Is it possible to convert the former into the latter? Is there any code available for this operation? If not, we would have to require all our users to change their passwords at the same time, which is not very feasible. Thanks in advance Bart ...

Kerberos and LDAP
Hi, Im still trying to get this to work. Server: Debian Etch (3 hostnames=lookout, ldap and kerberos, ip=192.168.212.15) Workstation: Ubuntu 8.04 (hostname=rofe.one.com, ip=192.168.212.93) I have followed the following guides: http://techpubs.spinlocksolutions.com/dklar/kerberos.html http://techpubs.spinlocksolutions.com/dklar/ldap.html Created my own user "ronni" the same way as the user "mirko" is. >From my workstation I can do: kinit ronni ldapsearch -x which both work. ldapsearch -x gives this output: # extended LDIF # # LDAPv3 # base <dc=one,dc=com> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # one.com dn: dc=one,dc=com objectClass: top objectClass: dcObject objectClass: organization o: one.com dc: one # admin, one.com dn: cn=admin,dc=one,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # People, one.com dn: ou=People,dc=one,dc=com ou: People objectClass: organizationalUnit # Group, one.com dn: ou=Group,dc=one,dc=com ou: Group objectClass: organizationalUnit # ronni, group, one.com dn: cn=ronni,ou=group,dc=one,dc=com cn: ronni gidNumber: 20000 objectClass: top objectClass: posixGroup # ronni, people, one.com dn: uid=ronni,ou=people,dc=one,dc=com uid: ronni uidNumber: 20000 gidNumber: 20000 cn: Ronni sn: Ronni objectClass: top objectClass: person objectClass: posixAccount objectClass: shadowAccount loginShell: /bin/bash homeDirectory: /...

Kerberos + LDAP How-To
Thanks much to all of you for your responses. Much of what I wanted to do is actually answered more in depth on-line.... took me a long time to find good documentation on it. http://ofb.net/~jheiss/krbldap/howto.html Seems to be the best docs i've seen to date on the kerberos ldap link up. Just thought I'd share that. -Matt Joyce. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> "Matt" == Matt Joyce <syslists@vtsystems.com> writes: Matt> Thanks much to all of you for your responses. Much of what Matt> I wanted to do is actually answered more in depth Matt> on-line.... took me a long time to find good documentation Matt> on it. Matt> http://ofb.net/~jheiss/krbldap/howto.html Matt> Seems to be the best docs i've seen to date on the kerberos Matt> ldap link up. Just thought I'd share that. And I naturaly would like to take the chanse of promoting http://www.bayour.com/LDAPv3-HOWTO.html ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Matt, why do you use SSL and put extra load on the client/server if you already use Kerberos ? SASL/GSSAPI does authentication AND encryption !! Cyrus-sasl may show only a SSF of 56, but this is only because is hardcoded in cyrus, ...

MIT Kerberos or Heimdal Kerberos?
Hi, How do I know the server install in the system is MIT Kerberos or Heimdal? I m using FreeBSD 5.2.1 Thanks sam ...

KERBEROS with LDAP
Hi all, I'm experiencing some problem between authentication and authorization through Kerberos and LDAP. This is my situation: I can authenticate on LDAP through the option -Y GSSAPI after having obtained a valid TGT from the KDC. I have some questions: Is it possible to authenticate via Kerberos on LDAP without obtaining prior a ticket (i.e. when i have to authenticate to the LDAP i want that username/password was asked and then these username/password allow to obtain the ticket from Kerberos). I'm asking this because i want that this new mechanism be invisible from a user point of view. Are there some solution to this problem or I need to implement by myself a customized client that communicate with kerberos and then with the ticket to LDAP^??? Another question is about how to map authentication to authorization in LDAP. The example found was very simple with a flat LDAP, I'm in an hard situation, with an extremely non-regular LDAP tree, how to find the correct mapping to the correct identity??? Thanks in advance, Andrea ...

Problem with LDAP Referrals and Kerberos LDAP Backend
Hello list, I have the following problem with the latest Kerberos Version (krb5-1.11.3) on Linux System. I use ldap as Backend module (with Sun / Oracle LDAP Directory Server). My setup is quite big, so we use also LDAP referrals. This works great with the Solaris (modified) Kerberos Release, but with Linux we have the following issue: DB module: db_library = kldap using LDAP hub or consumer server in "ldap_servers" (i.e. LDAP suffix containing KRB container (realm) is read-only and LDAP server sends referral(s) in case of LDAP MODs) does not work properly in case of modifications (e.g. change_password or updates of attributes (krbLoginFailedCount, ...)): KDC or KADMIN follow the LDAP referral but do not bind (LDAP) using a defined users (ldap_kdc_dn, ldap_kadmind_dn); instead an anonymous LDAP-bind is performed. Log from LDAP consumer server: [19/Oct/2013:12:34:46 +0200] conn=11412 op=7 msgId=8 - SRCH base="ou=people,dc=adm" scope=2 filter="(&(|(objectClass=krbprincipalaux)(objectClass=krbp rincipal))([1]krbPrincipalName=testuser@MITREALM))" attrs="krbPrincipalName krbCanonicalName objectClass krbPrincipalKey krbMaxRenewableAge krbMaxTicke tLife krbTicketFlags krbPrincipalExpiration krbTicketPolicyReference krbUPEnabled krbPwdPolicyReference krbPasswordExpiration krbLastFailedAuth krbLog inFailedCount kr...

MIT Kerberos and Solaris 10 Kerberos
Greetings, everyone. We run a number of Solaris 8 systems using Sun's SEAM PAM implementation and MIT's Kerberos (which we're up to date on). We are starting to look at Solaris 10, and are hoping to move towards Sun's implementation of Kerberos. We are having a bit of trouble getting the two to talk properly, however. If we SSH (from production to test, for example) to a Solaris 8 machine, then we can rlogin (Kerberized) to the Solaris 10 machine and, from there, rlogin to a Sol8 machine again. If, however, we SSH directly to the Solaris 10 machine, we cannot rlogin to a Solaris 8 machine. Doing various experiments (for example, trying to ksu on the Sol 10 machine), the only error we ever get is: ksu WARNING: Your password may be exposed if you enter it here and are logged in remotely using an unsecure (non-encrypted) channel. Kerberos password for ux5p@ATCOTEST.CA: : ksu: Server not found in Kerberos database while geting credentials from kdc Authentication failed. Doing an rlogin to a Sol 8 machine gives no errors at all; it just quietly fails. The above error seems to indicate that the Solaris 10 Kerberos isn't passing the tickets to the Sol 8/MIT Kerberos servers (which, based upon certain differences, would not be a big surprise). Has anyone gotten this to work? The Sol 10 system is using the default Solaris 10 PAM implementation as well; not sure if this is part of the problem, but the configuration files are significantly different. Th...

FTP and Kerberos
Hi, I get the following Kerberos related error when i do FTP from another machine(redhat 9.0) to my machine(redhat 9.0). How to solve this problem ? Should i Need to start/stop some daemons ? here is what happens when i do FTP !!! --------->>>>>>>>> Here is it .....>>>> Connected to 107.108.89.173. 220 localhost.localdomain FTP server (Version 5.60) ready. 334 Using authentication type GSSAPI; ADAT must follow GSSAPI accepted as authentication type GSSAPI error major: Miscellaneous failure GSSAPI error minor: No credentials cache found GSSAPI error: in...

migration from Kerberos 4 to Kerberos 5
Hello, I have a few questions about migration to a new Kerberos version. In fact, the goal is to migrate a network with Kerberos 4 to the Kerberos 5(under Lin8x): 1) Do I have to reinstall Kerberos from the scratch or are there packages that allow to update the version? 2) What about the users that I created, are they still valid or will user information be lost. Part of the network uses already an LDAP directory, do I suppose this will not be a problem for this part, but in general, how can I migrate my user-accounts to the new version? 3) What about the clients, do I have to re-install the Kerberos-client on each workstation or can I use the "old" Kerberos clients? Could anybody answer my questions and perhaps give me some good hints for the migration respectively point me to some good documents? Thanx, CB ...

Re: Re: Problem with LDAP Referrals and Kerberos LDAP Backend
Hello together, It seems that not much people use LDAP Referal together with MIT Kerberos. Never the less the missing support ("feature") is something I really need. Is it possible that anybody of the developers adds this functionality? If not: Greg, could you please precise the places or try to add it? I can do the necessary tests. Best regards Chris On 11/03/2013 03:13 PM, Christopher Racky wrote: > I don't understand why this behavior is expected. For my opinion this > is a bug. It's simplest to think of this as a missing feature. If I read the code correctly, callers of the OpenLDAP library follow referrals using anonymous binds by default. With additional effort, callers can control how referrals bind. Although I believe I know roughly how the preferred behavior could be implemented, it would not be trivial to develop or test, so I can't give you any guarantees as to when it might happen. - Hello Greg, Thank you very much for your reply. I don't understand why this behavior is expected. For my opinion this is a bug. I would expect that after processsing referrals the same credentials are still reused. Is that a missunderstanding on my side? If not: it seems to be, that you know very exactly the place where this must be fixed. I'm not sure if you are a developer. If yes, do ...

Kerberos and LDAP for Authorization
Hi, I am working on using Kerberos and LDAP together. Replacing the kdb with LDAP seems simple enough. What I am wondering is: is it possible to send back Authorization details from LDAP with the Kerberos ticket or do Applications have to talk directly to LDAP to get the users Authorization details? Thanks, -- Bram Cymet Software Developer Canadian Bank Note Co. Ltd. Cell: 613-608-9752 ...

Replacing the system Kerberos with MIT Kerberos (from ports)
Is there a way to replace the Heimdal Kerberos libraries included in the FreeBSD base system with the MIT Kerberos libraries installed from the security/krb5 port? I know about the KRB5_HOME make option. I'm concerned about other "Kerberized" applications not working properly because they use the wrong client libraries, hence my desire to completely replace Heimdal with MIT Kerberos. The Heimdal Kerberos libraries shipped with the FreeBSD base system don't support TCP, so when a KDC replies to a client request with a response larger than the maximum UDP packet size, the Kerberos libraries return an error to the client instead of switching to TCP (which can handle large responses). I routinely encounter this problem when integrating FreeBSD servers and workstations into Windows Active Directory domains, where the KDC responses include additional authorization data derived from a security principal's group memberships: Samba's "net ads join" command fails with a "response too big for for UDP, retry with TCP" error when linked against Heimdal, but it succeeds (and everything else works properly) when linked against MIT Kerberos. (Note that I'm not willing to debate the semi-standard/non-standard inclusion of authorization data in a Kerberos ticket's PAC, nor am I willing to argue the applicability of the aforementioned operating systems to their assigned tasks.) Best wishes, Matthew ...

Kerberos?
Who's using Kerberos authentication? Any pointers to procedure or documentation will be appreciated! Hi James, Not Me! But have a look at Doc 317141. That explains it in some more detail than the normal manual. Martin Bowes > Who's using Kerberos authentication? Any pointers to procedure > or documentation will be appreciated! > _______________________________________________ > Info-ingres mailing list > Info-ingres@cariboulake.com > http://mailman.cariboulake.com/mailman/listinfo.py/info-ingres > James Latimer wrote: > Who's using Kerberos authentication? Any pointers to procedure > or documentation will be appreciated! me neither, but this Chapter 13 may be of use: http://downloads.ingres.com/download/connect.pdf ...

kerberos?
Is anyone out there using kerberos authentication with their NonStop hosts? Between this and ssh, I am having trouble keeping up! Thanks in advance. ...

Kerberos
Hello, I read on the ibm site that KRB5A authentication is only supported on 5.2. We are currently runnin 5.1 and have an MCA based machine so there is no chance in upgrading to 5.2. Is there an open-source kerberos package for AIX, and how would you go about installing it. Any help would be greatly appreciated. Rich ...

RE: MIT Kerberos and Solaris 10 Kerberos
Greetings, and thanks for the response. > > We run a number of Solaris 8 systems using Sun's SEAM PAM > implementation > > and MIT's Kerberos (which we're up to date on). We are > starting to look > > at Solaris 10, and are hoping to move towards Sun's > implementation of > > Kerberos. We are having a bit of trouble getting the two to talk > > properly, however. > > I'm confused - you cannot use the Solaris pam_krb5 with MIT Kerberos. > It is linked directly with the Solaris Kerberos libraries (private). I am trying to get the Solaris Kerberos (SEAM) on the Sol 10 system to talk to the MIT Kerberos on the KDC and other Solaris 8/MIT systems. > Solaris 10 Kerberos interops very well with MIT, Heimdal, and > Microsoft. > It has support for all of the enctypes (AES, RC4, 3DES, DES) finally. But I can't seem to get it to work. > > If we SSH (from production to test, for example) to a > Solaris 8 machine, > > then we can rlogin (Kerberized) to the Solaris 10 machine and, from > > there, rlogin to a Sol8 machine again. If, however, we SSH > directly to > > the Solaris 10 machine, we cannot rlogin to a Solaris 8 > machine. Doing > > various experiments (for example, trying to ksu on the Sol > 10 machine), > > the only error we ever get is: > > > > ksu > > WARNING: Your password may be exposed if you enter it here and are &g...

Kerberos Decrypted
http://www.digg.com/security/Kerberos_Decrypted ...

FW: MIT Kerberos and Solaris 10 Kerberos
Sorry, I accidentally sent this reply just to Wyllys. In the interest of keeping the thread complete, I'll put it to the list as well. R > That's because Solaris 10 'kadmin' uses RPCSEC_GSS and > MIT uses a slightly different RPC protocol. This is not a new > issue, its been a problem ever since we introduced SEAM. > > The solution is that if your KDC is MIT, then you must use the MIT > 'kadmin' client to manage it. OK, thanks. So, I'll have to keep the MIT binaries around as well... Rainer ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

kerberos
Hi I have kerberos server setup, and it works fine with iseries navigator, I have to create a AS400 object now using Java and kerberos ticket, has any one done it successfully, does anyone have any code sample "polilop" <fmatosicSKINI@inet.hr> burped up warm pablum in news:fr3i5a$sn6$1@ss408.t-com.hr: > Hi > I have kerberos server setup, and it works fine with > iseries navigator, I have to create a AS400 object now > using Java and kerberos ticket, has any one done it > successfully, does anyone have any code sample You should read: http://publib.boulder...

OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two actions can be accomplished by a separate process, which can be forked and execd by the sshd and passed the environment which may have a KREB5CCNAME pointing at the Kerberos ticket cache Other parameters such as the home directory could also be passed. This would then allow simple code in OpenSSH that does not depend on OpenAFS, Hiemdal or MIT code to fork/exec the process that does all the work. This would be called by the process that would eventially become the user's shell process and is run as the user. OpenSSH could be built on systems that may or may not have AFS installed and run on a system with or without AFS. The decision is based on the existence of the executable and any options in sshd_config. In its simplest form, all that is needed is: system("/usr/ssh/libexec/aklog -setpag") This is a little over simplified as there should be a test if the executable exists, processing of some return codes, making sure the environment is set, setting some time limit. etc. But the point is there is no compile dependence on OpenAFS, MIT or Hiemdal by the Op...

Kerberos + LDAP + RADIUS?
We are re-architecting our whole authentication backend, and I am having a hard time trying to understand how Kerberos, LDAP, and RADIUS can all fit together. We currently use RADIUS and LDAP to do AAA, and group based security, but we are going to want to have an SSO functionality (thus introducing kerberos). I think I can see how Kerberos and LDAP fit together, with group based security: A user will authenticate with Kerberos=B9 authentication server, then attempt to be assigned a ticket with the ticket granting server =AD the ticket granting server will query LDAP to see if a user has access to the resource= , based on the groups that user is a part of. My problem is trying to figure out where RADIUS comes into the mix. It seems like there can be two options, but both seem to have problems: 1. Have authentication point to Kerberos server which will authenticate against radius : but this doesn=B9t make sense because when you authenticate against Kerberos, there is no password passed from client to server, so how will Kerberos be able to tell if that user/pass is accepted via Radius. 2. Have authentication point to radius, and have it authenticate against Kerberos : this defeats a whole security aspect of Kerberos =AD not passing the users password to the server, and how is it possible for the client to have the Kerberos ticket? Maybe I am missing something, or maybe this is just not possible. Any insight/tutorials/etc. would be helpful =AD there is not much on this t...

LDAP with kerberos auth
Hi All, I am trying to bring up a LDAP server with kerberos authentication. Is it necessary the LDAP and kerberos client run on a seperate machine or they can run on the same machine ? This is for testing a system. Also what are the steps to configurng the kerberos client and server ? How do I test the client ? Thanks Sunil On 2007-05-27 07:32:06 +0200, sunilkjin@gmail.com said: > Hi All, > I am trying to bring up a LDAP server with kerberos > authentication. Is it necessary the LDAP and kerberos client run on a > seperate machine or they can run on the same machine ? This is for > testing a system. Also what are the steps to configurng the kerberos > client and server ? How do I test the client ? > Thanks > Sunil If you intend to use kerberos principals in ldap, allowing them to act on the database, you should look for SASL and GSSAPI. Of course you can run ldap and kerberos on whatever machine you want. -- Sensei <senseiwa at Apple's mac dot com> Error. Keyboard not attached. Press F1 to continue... (Real BIOS Error) ...

Kerberos-LDAP infrastructure
Hi, =20 We'd like to deploy Kerberos it on our network. We already have a working Kerberos setup in our Lab which has a Master Kerberos server with an OpenLDAP backend and a Slave Kerberos server which also uses an OpenLDAP backend.=20 =20 Before we go live into production, we're looking for information on how to build the Kerberos infrastrucure (i.e. In which network DMZ do I install the KDC? Where should we install the slave Kerberos servers? Can we run a "hidden" KDC, much like a hidden Primary DNS server? How would that affect users who want to change their passwords? etc). =20 Unfortunately, we didn't find a lot of documentation which talks specifically about Kerberos architecture. That's why we're looking for experienced Kerberos users to help us deploy a good Kerberos infrastructure. =20 Our goals are to create a Hidden Master Kerberos and several Slaves. We plan to use the Kerberos/OpenLDAP services for authentication via SSH, OpenAFS, autofs maps, sudo rights plus users and groups. The Kerberos architecture has to support two different data centers. Both sites have serveral DMZ networks (WWW, Application and Database for the classic three tiered environment plus le local LAN). We'd like to use Kerberos to login on all of these networks. One slave in the LAN to support workstations and LAN servers. Other two slaves in a DMZ (which one?) for DMZ Servers support and as Workstation backup support. We need to have redundancy of co...

Web resources about - kerberos and LDAP. - comp.protocols.kerberos

Kerberos (protocol) - Wikipedia, the free encyclopedia
MIT developed Kerberos to protect network services provided by Project Athena . The protocol is based on the earlier Needham-Schroeder Symmetric ...

Trekkies miss out after push to name Pluto moon 'Vulcan' fails; Kerberos and Styx chosen instead
BAD news, 'Star Trek' fans: Pluto's fourth and fifth moons have been named Kerberos and Styx, despite 'Vulcan' being the top suggestion.

Meet Pluto's smallest moons: Kerberos and Styx
Pluto's two smallest known moons have been officially named after characters associated with the underworld of Greek and Roman mythology.

Pluto's moons named Styx and Kerberos, despite vote for Vulcan
... Astronomical Union vetoed a public vote to name one of Pluto's two most recently discovered moons Vulcan and named the moons Styx and Kerberos. ...

Meet Styx and Kerberos, Pluto's newly named moons
... of new moons orbiting Pluto (at SETI's behest), it decided to do some planetoid naming, too. Today, SETI announced those names: Styx and Kerberos. ...

Microsoft Issues Emergency Patch for Kerberos Bug
The vulnerability could enable an attacker to elevate privileges. Microsoft recommends that organizations consider rebuilding their Windows domains. ...

Kerberos Productions Offers Expertise to President on the Weaponization of Outer Space
... game violence to the President and Vice-President of the United States, Sword of the Stars 1 & 2, Fort Zombie, and NorthStar developer Kerberos ...

The fourth and fifth moons of Pluto have officially been named Kerberos and Styx, respectively.
The fourth and fifth moons of Pluto have officially been named Kerberos and Styx , respectively. The Earth's moon is still named fucking "Aiden." ...

Poll For Pluto's Moons Closes, Vulcan and Kerberos Win - Geekosystem
First the SETI Institute put it up for vote, then the geeks and nerds swarmed the Internet, and now it's as certain as it can be before the International ...

Kerberos unleashed at last: Pluto’s dog-bone moon poses another mystery
NASA’s New Horizons probe has finally filled out its family portrait of Pluto and its moons – and Kerberos, the last moon to get its closeup, ...

Resources last updated: 3/10/2016 3:07:19 PM