Kerberos

  • April 2020

Kerberos  Kerberos is an authentication system for open systems and

networks.  Historically, Kerberos has been used with Unix-oriented protocols such as Sun's Network File System and in the exchange of certificates.  Kerberos uses an encryption system based on the Data Encryption Standard.  Each user has a private authentication key. How does Kerberos work? 1. Like its namesake, the many-headed dog who guards the entrance to the underworld, Kerberos guards the data transmitted between machines that communicate over the network. 2. Kerberos uses cryptographic keys known as tickets to protect the security of the messages you send to the system and the messages the system sends back to you. 3. Kerberos never transmits passwords, even in encrypted form, on the network. 4. Passwords reside only in a highly secure machine called a key server. 5. Kerberos performs authentication both when you log into the system and when you request any type of network service (e.g., a printer or a mail system). The Kerberos authentication sequence works like this: 1. When you log in, you enter your login name. The login process sends your login name to the Kerberos key distribution service, which returns the following to you: o An encrypted session key a temporary key you use to communicate with the Kerberos ticket granting service . o An encrypted ticket for the Kerberos ticket granting service. 2. You enter your password. The login process uses your password as a private key to decrypt the session key and the ticket sent to you by the key distribution service. If the decryption works, you're authenticated. 3. When you request a network service (e.g., mail), the system sends your temporary session key and your ticket granting ticket to the Kerberos ticket granting service. Each service has its own password. The ticket granting service returns a temporary key and a ticket for use with the service. The system uses your session key to decrypt the key and the ticket. 4. 
To make the connection to the service, the system sends the service your session key, your temporary service key, and your service ticket.

If the server can decrypt the request sent to it, you're allowed to use the service.
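
The login exchange in steps 1 and 2, as an added example that is not part of the original document: only the login name reaches the key distribution service, and the password is used locally to open the reply. Assumptions: a toy HMAC-based cipher stands in for DES, the key server stores a PBKDF2-derived key per user, the ticket is sealed under the ticket granting service's own key, and all names (`kdc_reply`, `login`, `tgs_open`, the user `alice`) are hypothetical.

```python
import hashlib, hmac, json, os

# Toy authenticated cipher (HMAC-SHA256 keystream + tag): a stand-in for DES, not real Kerberos crypto.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def derive_key(password, login_name):
    # Password-to-key derivation (PBKDF2 salted with the login name is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), login_name.encode(), 50_000)

# Constructed key-server state: one user and the ticket granting service's own key.
USER_KEYS = {"alice": derive_key("correct horse", "alice")}
TGS_KEY = os.urandom(32)

def kdc_reply(login_name):
    """Step 1: the key distribution service answers a bare login name."""
    session_key = os.urandom(32)
    ticket = seal(TGS_KEY, json.dumps({"user": login_name, "key": session_key.hex()}).encode())
    reply = {"session_key": session_key.hex(), "ticket": ticket.hex()}
    return seal(USER_KEYS[login_name], json.dumps(reply).encode())

def login(login_name, password):
    """Step 2: the password is used only locally, to open the reply."""
    reply = json.loads(unseal(derive_key(password, login_name), kdc_reply(login_name)))
    return bytes.fromhex(reply["session_key"]), bytes.fromhex(reply["ticket"])

def tgs_open(ticket):
    """Step 3 (server side): the ticket granting service opens the ticket with its own key."""
    return json.loads(unseal(TGS_KEY, ticket))

if __name__ == "__main__":
    key, ticket = login("alice", "correct horse")
    print(tgs_open(ticket)["user"], tgs_open(ticket)["key"] == key.hex())
```

A wrong password makes `login` raise `ValueError`, which is the "if the decryption works, you're authenticated" check; the ticket itself stays opaque to the client because it is sealed under a key the client never holds.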
