This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is generated when the previous [AP_REQ] arrives. The [Kerberos Authentication Service] checks whether PrincipalClient and PrincipalService exist in the [KDC] database. If at least one of the two does not exist, an error message is sent to the client; otherwise the Authentication Server processes the reply as follows:
# [Kerberos Authentication Service] randomly creates a [Session Key], which will be the [secret] shared between the [client] and the [TGS].
# [Kerberos Authentication Service] creates the [Ticket Granting Ticket], putting inside it the requesting user’s [principal], the service [principal] (it is generally [KRBTGT]/REALM@REALM, but read the note* for the previous paragraph), the [IP Address] list (these first three pieces of information are copied as they arrive in the AS_REQ packet), the date and time (of the KDC) in timestamp format, the lifetime (see note*) and lastly the session key.
# [Kerberos Authentication Service] generates and sends the reply containing: the ticket created previously, encrypted using the secret key for the service; and the service principal, timestamp, lifetime and [Session Key], all [encrypted] using the [Secret-key] for the user requesting the service.
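
The reply construction described above, as an added example that is not part of the original page or of any Kerberos implementation. It assumes a toy encrypt-then-MAC cipher built on HMAC-SHA256 in place of a real Kerberos encryption type, JSON in place of ASN.1, and constructed principals and keys; the function names are hypothetical.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy cipher, not a Kerberos etype).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, fields):
    # Encrypt-then-MAC a dict under one long-term key.
    pt = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    # Verify the tag first; a wrong key or altered bytes is rejected.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("wrong key or modified data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def build_as_rep(kdc_db, client, service, addresses, lifetime=36000):
    # Both principals must exist in the KDC database, otherwise an error is returned.
    if client not in kdc_db or service not in kdc_db:
        return {"error": "principal not found"}
    session_key = os.urandom(32).hex()   # secret shared between client and TGS
    now = int(time.time())               # KDC date and time as a timestamp
    tgt = {"client": client, "service": service, "addresses": addresses,
           "timestamp": now, "lifetime": lifetime, "session_key": session_key}
    enc_part = {"service": service, "timestamp": now,
                "lifetime": lifetime, "session_key": session_key}
    return {"ticket": seal(kdc_db[service], tgt),         # sealed with the service key
            "enc_part": seal(kdc_db[client], enc_part)}   # sealed with the user key

# Constructed sample data: principals and keys are made up for this example.
ALICE, TGS = "alice@EXAMPLE.COM", "krbtgt/EXAMPLE.COM@EXAMPLE.COM"
KDC_DB = {ALICE: hashlib.sha256(b"alice-demo-key").digest(),
          TGS: hashlib.sha256(b"krbtgt-demo-key").digest()}

if __name__ == "__main__":
    rep = build_as_rep(KDC_DB, ALICE, TGS, ["192.0.2.10"])
    print(unseal(KDC_DB[ALICE], rep["enc_part"]))
```

The client can open only {{enc_part}}; the ticket stays opaque to it and is readable only by the holder of the service key, which recovers the same session key from it.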
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Kerberos Operation|https://zeroshell.org/kerberos/kerberos-operation/|target='_blank'] - based on information obtained 2018-05-16