Third Party

Authentication
Presented By;
Gopal Subedi
 Content;

• Introduction
• How it works ?
• Advantage
• Disadvantage
 Introduction
• Authentication means verifying the identity of someone (a user, device,
or an entity) who wants to access data, resources, or application.
• Present of third party to establish connection and authentication
between server and client.
• Kerberos is secret key based service for providing authentication in
network.
• Third party is involved in authentication between sever and client
which is Key Distribution Center (KDC).
How does Kerberos works ???
Step:1 Request Ticket Granting Ticket from AS
Step:2 Ticket Granting Ticket
Step: 3 Present TGT to TGS and request token.
Step: 4 Service token received from TGS.
Step: 5 Present service token to the server.
Step: 6 Authorize Kerberos client and grant access.
 Advantage;
• Passwords are never sent across the network unencrypted.
• Clients and applications services mutually authenticated.
• Tickets have limited lifetime.
• Authentication through the AS only has to happen once.
• Sharing secret keys is more efficient than public-keys.
 Disadvantage;
• Can be a challenge to set up.
• Compromise of central server will compromise all users secret keys. If
stolen, TGT can be used to access network services of others.
• Kerberos only provides authentication for clients and servers.
• Vulnerable to users making poor password choices.
 Sources;
• www.google.com
• www.Wikipedia.com
• www.youtube.com
• www.slideshare.net
• Text Book (E-commerce)