This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Kerberos Authentication Service
Kerberos Authentication Service

Version management

Difference between version and

At line 1 added 20 lines
!!! Overview
[Kerberos Authentication Service] (AS Exchange) is between the [Client-Principal] and the [Kerberos] Authentication Server is initiated when a [Client-Principal] wishes to obtain [authentication] [credentials] for a given [resource] but currently holds no [credentials].
The [AS Exchange] is the [Kerberos] [Ticket Granting Ticket] ([TGT]) [request] and [response] sent from the [client] to the [Key Distribution Center] ([KDC]).
If the [AS Exchange] is successful, the client is provided with a [Ticket Granting Ticket] ([TGT]).
[{$pagename}] does __NOT__ verify that the [Client-Principal] issuing a [request] is a valid [client], [{$pagename}] sends a blind [response] a of a [TGT] that an [attacker] won't be able to process if he does not have the [Client-Principal]'s [password].
The [{$pagename}] is a component of a [Kerberos] system which [authenticates] [clients], and [TGT] that the [client] can send to the [TGS] to get a [Client-To-Server Ticket].
In its basic form, the [Client-Principal]'s [Secret-key] is used for [encryption] and [decryption]. This exchange is typically used at the initiation of a login session to obtain [credentials] for a [Ticket Granting Service] which will subsequently be used to obtain [credentials] for other [Service Providers] without requiring further use of the [Client-Principal]'s [secret-key].
The [{$pagename}] exchange may also used to request credentials for services that must not be mediated through the [Ticket Granting Service], but rather require knowledge of a [Client-Principal]'s [Secret-key], such as the [password] change service (the password-changing service denies requests unless the requester can demonstrate knowledge of the user's old password; requiring this knowledge prevents unauthorized password changes by someone walking up to an unattended session).
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop