Professional Documents
Culture Documents
Kerberos: Gurwinder Singh C07323
Kerberos: Gurwinder Singh C07323
Gurwinder Singh
C07323
What is Kerberos?
• Developed by MIT
• Version 4 and 5.
• Network authentication protocol
• Shared secret-based strong 3rd party
authentication
• Available as open source or in supported
commercial software
• Passwords never sent across network
Why Kerberos?
Key
Distribution
Center
Authen-
Tication
Service
Susan’s
Desktop
Susan Computer
Ticket
Granting
XYZ Service Represents something Service
requiring Kerberos
authentication (web
server, ftp server, ssh Key
server, etc…) Distribution
Center
Authen-
Tication
Service
Susan’s
Desktop
Susan Computer
Ticket
Granting
XYZ Service Service
Key
“I’d like to be allowed to Distribution
get tickets from the Center
Ticket Granting Server,
please.
Authen-
Tication
Service
Susan’s
Desktop
Susan Computer
Ticket
Granting
XYZ Service Service
“Okay. I locked this box with
your secret password. If you
can unlock it, you can use its Key
contents to access my Ticket Distribution
Granting Service.” Center
Authen-
Tication
Service
Susan’s
Desktop
Susan Computer
Ticket
Granting
XYZ Service Service
Key
Distribution
Center
Authen-
Tication
TGT Service
ord Susan’s
myPassw
Desktop
Susan Computer
Because Susan was able to open the box
(decrypt a message) from the
TGT Authentication Service, she is now the
owner of a shiny “Ticket-Granting Ticket”.
Key
Distribution
Center
Authen-
TGT Tication
TGT Service
Susan’s
use XYZ Desktop
Susan Computer
Hey XYZ:
Susan is Susan. Ticket
CONFIRMED: TGS
Granting
XYZ Service Service
You’re Susan.
Here, take this.
Key
Distribution
Center
Authen-
Tication
TGT Service
Susan’s
Desktop
Susan Computer
Ticket
Granting
XYZ Service I’m Susan. I’ll prove
Service
it. Here’s a copy of
my legit service ticket
for XYZ.
Key
Distribution
Center
Authen-
Hey XYZ:
Hey XYZ: Tication
Susan is Susan.
Susan is Susan.
TGT Service
CONFIRMED: TGS
CONFIRMED: TGS
Susan’s
Desktop
Susan Computer
That’s Susan alright. Let me
determine if she is
Ticket
authorized to use me.
Granting
XYZ Service Service
Hey XYZ:
Susan is Susan. Key
CONFIRMED: TGS Distribution
Center
Authen-
Hey XYZ:
Tication
Susan is Susan. TGT Service
CONFIRMED: TGS
Susan’s
Desktop
Susan Computer
Authorization checks are performed by the XYZ
service…
Authen-
Hey XYZ:
Hey XYZ: Tication
Susan is Susan.
Susan is Susan.
TGT Service
CONFIRMED: TGS
CONFIRMED: TGS
Susan’s
use XYZ Desktop
Susan Computer
That’s Susan… again. Let
me determine if she is
Ticket
authorized to use me.
Granting
XYZ Service Service
Hey XYZ:
Susan is Susan. Key
CONFIRMED: TGS Distribution
Center
Authen-
Hey XYZ:
Tication
Susan is Susan. TGT Service
CONFIRMED: TGS
Susan’s
Desktop
Susan Computer
Weaknesses and Solutions
If TGT stolen, can be used to access Only a problem until ticket expires in a
network services. few hours.
• www.google.com
• www.wikipedia.com
Questions?