Kerberos Authentication Essay examples

Submitted By jenuhnuh
Words: 863
Pages: 4
Open Document
Kerberos Authentication: An Overview Kerberos, named after the three-headed dog of Greek mythology that is known for protecting the gates of Hades, is an authentication protocol developed by MIT through another project, Project Athena. Project Athena, which started in 1983 when MIT decided to use network computers as part of its campus curriculum. MIT had grants from DEC (Digital Equipment Corporation) and IBM, as well as multiple operating systems. The goals of Athena were to have a Single Sign-on (SSO), networked file systems, a unified graphical environment, and a naming convention service. Within 5 years, they had done this. Kerberos allowed for SSO as well as secure remote authentication. Microsoft picked up this program with its development and release of Windows 2000 to replace their previous authentication protocol CHAP (Challenge Handshake Application Protocol) that simply used a plaintext password and user name to authenticate. With Kerberos, this was upgraded to a password that uses encryption keys created using a pseudo-random number generator rather than relying on the password hash of the user. The password is involved in the process, but is not transmitted across the network and is only used in the beginning stage of logging on. When you first log in to the network, users must provide a log-in name and password in order to be verified by the Authentication Service (AS) portion of a Key Distribution Center (KDC) within their domain. The KDC has access to Active Directory user account information. Once successfully authenticated, the user is given a Ticket to Get Tickets (TGT). This TGT has a default lifetime of 10 hours and may be renewed through the user’s log-on session without requiring the user to re-enter his password. The TGT is cached on the local machine and used to request sessions with services throughout the network. The first step in the TGT retrieval process is that the AS request identifies the client to the KDC in plain text. If the client is identified, a time stamp will be encrypted using the user’s password hash as an encryption key. If the KDC reads a valid time it will know that request isn’t a replay of a previous request. If the KDC approves the client’s request for a TGT, the reply (referred to as the AS reply) will include two sections: a TGT encrypted with a key that only the KDC (TGS) can decrypt and a session key encrypted with the password hash that will handle all future communications. The user presents the TGT to the TGS portion of the KDC when desiring access to a server service. The TGS on the KDC authenticates the user’s TGT and creates a ticket and session key for both the client and the remote server. This information, known as the service ticket, cached on the client machine. The TGS receives the client’s TGT and reads it. If the TGS approves of the client’s request, a service ticket is generated for both the client and the target server. The client reads its portion using the TGS session and presents it to the target server in the client/server exchange. Once the client user has the client/server service ticket, he can establish the session with the server. The server can decrypt the information coming from the TGS using its own key. The client user is authenticated and a service session is established using the service ticket. After the ticket's
Show More

Related Documents: Kerberos Authentication Essay examples

Nt1330 Unit 3 Assignment

Vodafone Dubai made a request about integrating MS Windows 2008 Release 2 with Red Hat Enterprise Linux 6.8 for SSH authentication. Vodafone Dubai is the first of the Vodafone M2M required to integrate Windows 2008 Release 2 with Red Hat Enterprise Linux 6.8 for SSH authentication to be implemented on the Vodafone Dubai infrastructure and the implementation project has a tight timetable. It is well known that Red Hat Linux and Windows Server 2008 R2 have different models for representing user and…

Words 804 - Pages 4

Essay on Chapter 6 Review Questions

Chapter 6 review questions-Abhinav Anand 1. Define and explain the process of Kerberos A: Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. It has the following characteristics: It is secure; it never sends a password unless it is encrypted. 2. Identify two written password policies that you find to be the most important. Explain why you chose those two. A: Passwords should be unique and…

Words 348 - Pages 2

Internet Information Services and Iis Essay

Authentication is the process that helps a web server confirm the identity of the clients who request access to the server’s websites and applications. Authentication is a fundamental and crucial service—especially if the web server hosts private information or mission-critical applications. Microsoft Internet Information Services 7.0 (IIS)—the web server that’s bundled with Windows Vista and Windows Server 2008—includes several authentication options, both new options and updates to those in earlier…

Words 423 - Pages 2

Nt1330 Unit 1 Assignment 1

patient health record (PHR) information of each patient secure by encrypting with the CP-ABE scheme on the cloud . The PHR of each patient is maintained, and the patient has full access to monitor his/her record online after performing proper authentication. For example, a physician can only access the records of a patients sensitive information such as personal record or medical record. Also, a physician can perform update and veri cation of the medical record at multiple replicas by constructing…

Words 1108 - Pages 5

Network Security Essay

Table of Contents Network Security Requirements 3 Network Security Algorithms 6 Cryptography Applications 8 E-Mail Security 11 Wireless Networking Protocols 12 Network Security Requirements The OSI (Open Systems Interconnection) Reference Model consists of seven layers and provides a conceptual framework which determines how network aware devices interact and communicate with each other, (Briscoe, 2000). Actual communications is distinguished by several network protocols, which…

Words 2585 - Pages 11

Essay about Server Security Policy

your Windows logon passwords. Before you take any action, however, it's a good idea to become familiar with password authentication mechanics and to learn what types of password attacks are in use today. That way, you'll know not only how to protect yourself but also what you're protecting yourself from. Password Authentication Although Windows uses many types of authentication credentials (e.g., the Credential Manager cache, trusts, Local Security Authority—LSA—secrets), the 10 tips I provide…

Words 4291 - Pages 18

Nt1330 Unit 3 Network Essay

Question What different network traffic types are related to a Hyper-V host in a properly architected enterprise environment? How do vNICs help with this? Traffic types: Cluster - used for communication between the heartbeat and cluster shared volumes redirection Management - Provides a connection between the server running hyper v and the infrastructure - The management network must have connectivity between Active Directory Domain Services, Domain Name System, and Windows Server Update Services…

Words 855 - Pages 4

Which Core Part Of An Operating System Provides Essential Services

core part of an operating system provides essential services? a. Service b. Driver c. Kernel $ d. Module 2. Which among the following is the process of proving that provided identity credentials are valid and correct? a. Identification b. Authentication $ c. Authorization d. Nonrepudiation 3. The ability to run a backup is an example of which Windows feature? a. Permission b. ACL c. Capability d. Right $ 4. Which among the following is the best reason to define security groups while configuring…

Words 1659 - Pages 7

Nt1330 Unit 3 Exercise 1

The Romito.corp and Sovern.corp domains have a transient trust between them, allowing user authentication across domains. 1. Open Active Directory Domains and Trusts 2. Right click on the current domain in the tree on the left, select “New Trust” 3. Enter the DNS name of the trusted domain a. Forest Trust b. Select “Both this domain and the specified domain” 4. Enter Administrative credentials of the trusted server when prompted Group Policy Objects Both Sovern.corp and Romito.corp have a number…

Words 680 - Pages 3

Essay on Windows Network Proposal

zones will help. Storing zone data in Active Directory will prove automatic replication, fault tolerance, and distributed administration of DNS data. Zone data replication occurs during Active Directory replication, meaning it will be secured by Kerberos ("DNS Zone Facts"). File Services For file services, data security will be a priority for Shiv LLC. File servers will secure…

Words 1911 - Pages 8