J. G. Steiner, C. Neuman, and J. I. Schiller @ MIT
USENIX 1988, February 1998, pages 191-202
- Kerberos is a third-party authentication service
- Private-key encryption (DES) is used
- Three different levels of protection are provided
- Servers and clients are named the same way in Kerberos
- Format: primary-name.instance@realm
- General
- Procedure
- Two authenticators share a key for both TGSs
- Client requests a TGS ticket for the other realm
- The local authenticator gives a ticket encrypted with the shared key
- Client gets tickets from the remote TGS
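
A simplified model of the cross-realm steps above, added here as an example and not taken from the paper or from any Kerberos implementation. A toy encrypt-then-MAC built from SHA-256 stands in for DES, the realm and principal names (`ALPHA`, `BETA`, `alice`, `rlogin.host`, `krbtgt.BETA`) and all function names are constructed, and authenticators, timestamps and ticket lifetimes are left out.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, fields):
    # Toy encrypt-then-MAC; an assumption standing in for the DES sealing of tickets.
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("ticket was not sealed with this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def issue_ticket(server_key, client, server):
    # Returns (ticket only the named server can open, session key for the client).
    session_key = os.urandom(8).hex()
    return seal(server_key, {"client": client, "server": server, "key": session_key}), session_key

def local_authenticator(client, remote_realm, shared_key):
    # The client asks its own realm for a ticket to the other realm's TGS;
    # the ticket is sealed with the key the two realms share.
    return issue_ticket(shared_key, client, "krbtgt." + remote_realm)

def remote_tgs(tgt, shared_key, service, service_key):
    # The remote TGS can open the ticket only if it holds the same shared key,
    # then issues a ticket for a service in its own realm.
    claims = unseal(shared_key, tgt)
    return issue_ticket(service_key, claims["client"], service)

def demo():
    shared, svc_key = os.urandom(8), os.urandom(8)  # constructed keys
    tgt, _ = local_authenticator("alice@ALPHA", "BETA", shared)
    ticket, session_key = remote_tgs(tgt, shared, "rlogin.host@BETA", svc_key)
    seen = unseal(svc_key, ticket)  # what the remote service learns
    return seen["client"], seen["key"] == session_key

if __name__ == "__main__":
    print(demo())
```

The remote service ends up trusting the client name solely because the remote TGS could open a ticket sealed with the inter-realm key, so that key carries the whole trust relationship between the two realms.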
- How long should the lifetime of tickets be?
- Authentication forwarding
- Can you trust the workstation, which stashes the session_key and tickets, and the software on the machine?