Kerberos
A network authentication protocol designed to provide secure authentication over unsecured networks.
Kerberos uses a ticketing system that lets hosts on a network prove their identity to each other securely. It is named after the three-headed guard dog of the Greek underworld. It requires a Key Distribution Center (KDC) and has three main components:
- Authentication Service: handles user authentication when accessing services
- Ticket Granting Service: connects the user to the service once authenticated
- Kerberos Database: where user IDs and passwords are stored, usually on an LDAP server or, in the Active Directory context, in the Security Account Manager.
Authentication with Kerberos
Kerberos authenticates both human users and application services, referred to as "principals." The process is as follows:
- AS Request (client to the Authentication Service)
- TGT Issuance (Ticket Granting Ticket returned to the client)
- TGS Request (client to the Ticket Granting Service, presenting the TGT)
- Service Ticket Issuance
- Service Access (client presents the service ticket to the service)
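The five steps above, modelled end to end as an added example (not code from the original page and not real Kerberos): a KDC class plays the Authentication Service and Ticket Granting Service, the client walks AS-REQ, TGS-REQ and AP-REQ, and a service opens the final ticket. The `seal`/`unseal` toy cipher, the realm `EXAMPLE.TEST`, the principals and the passwords are all constructed stand-ins; the point is to show which key opens which message and what a wrong password or wrong service key does.

```python
import hashlib, hmac, json, os, time

def derive_key(password, realm, principal):
    # Long-term key from the password, salted with realm + principal (PBKDF2 stand-in, not a real Kerberos string-to-key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (realm + principal).encode(), 4096)
def _stream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC: SHA-256 keystream + HMAC tag. Stand-in for a Kerberos encryption type (etype).
    data, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    # Authentication Service + Ticket Granting Service over a database of long-term keys.
    def __init__(self, realm, keys):
        self.realm, self.keys, self.krbtgt = realm, keys, os.urandom(32)  # krbtgt key never leaves the KDC
    def as_exchange(self, user, lifetime=600):
        # AS-REP: TGT sealed under the krbtgt key; the same session key sealed under the user's long-term key.
        sk, exp = os.urandom(32), time.time() + lifetime
        tgt = seal(self.krbtgt, {"cname": user, "key": sk.hex(), "exp": exp})
        return tgt, seal(self.keys[user], {"key": sk.hex(), "exp": exp})
    def tgs_exchange(self, tgt, authenticator, service, lifetime=600):
        # TGS-REP: open the TGT, check the authenticator under its session key, issue a service ticket.
        t = unseal(self.krbtgt, tgt)
        if t["exp"] < time.time(): raise ValueError("TGT expired")
        if unseal(bytes.fromhex(t["key"]), authenticator)["cname"] != t["cname"]: raise ValueError("authenticator mismatch")
        ssk, exp = os.urandom(32), time.time() + lifetime
        ticket = seal(self.keys[service], {"cname": t["cname"], "sname": service, "key": ssk.hex(), "exp": exp})
        return ticket, seal(bytes.fromhex(t["key"]), {"key": ssk.hex(), "sname": service})

def client_login(kdc, user, password, service):
    # Client side: AS-REQ, then TGS-REQ with an authenticator; returns what the client sends in AP-REQ.
    tgt, enc = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(derive_key(password, kdc.realm, user), enc)["key"])  # wrong password -> ValueError
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk, {"cname": user, "ts": time.time()}), service)
    ssk = bytes.fromhex(unseal(sk, enc2)["key"])
    return ticket, seal(ssk, {"cname": user, "ts": time.time()})

def service_accept(service_key, ticket, authenticator):
    # Service side of AP-REQ: only the service's own key opens the ticket; the authenticator proves the client holds the session key.
    t = unseal(service_key, ticket)
    if t["exp"] < time.time() or unseal(bytes.fromhex(t["key"]), authenticator)["cname"] != t["cname"]:
        raise ValueError("service ticket rejected")
    return t["cname"]
```

Note that the client never sends its password anywhere: proof of identity is the ability to open the AS-REP part sealed under the key derived from it, which is also why the KDC database and the krbtgt key are the assets to protect.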
Kerberos can also be used with smart cards. In this case, the chip inside the smart card stores an encryption keypair and a digital certificate, issued by the authenticating domain.