Download presentation
Presentation is loading. Please wait.
Published byWalter Liscomb Modified over 10 years ago
1
Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller Massachusetts Institute of Technology University of Washington 3 rd May, 2004 Presented by Sookhyun, yang Proceedings of the Winter 1988 Usenix Conference
2
2/9 Contents Motivation What is Kerberos? Kerberos Software Component Kerberos Name How Kerberos Authentication Works? Kerberos Database Conclusion
3
3/9 Motivation How access control in a network of users requiring services from many separate computers? Requirement of Authentication in open network –Secure –Reliable –Scalable –Transparent Server user1 user2 user3 … Client Closed environment Login Server service Server service controlled client server controlled server Service identification?? Service Client Server user Open network Kerberos authentication
4
4/9 What is Kerberos? Trusted third-party authentication service Based on Needham and Schroeder key distribution algorithm Ticket = {server, client, address, timestamp, lifetime, Ks,c}Ks password Database Name … Private key … ExpireDate … Private key (encrypted password) Service … Server Client user … Private key (at registration) Kerberos Session key Kerberos client program - …
5
5/9 Kerberos Software Component Kerberos application library Encryption Library (DES) Database Library (DB management) Database Administration programs End-user ProgramsApplications Database Propagation Software Administrative Server (KDBM server) Authentication Server (Kerberos server)
6
6/9 Kerberos Name primary_name.instance@realm Example – –rlogin.priam@ATHENA.MIT.EDU The name of the user or the service Usually the name of the machine on which the server runs The name of an administrative entity that maintains authentication data in domain
7
7/9 How Kerberos Authentication Works? User/Client Login session setup Server session setup http Server ftp Authenticationserver Authen- tication service Ticket granting service 2. Ticket for TGS (Session Key) 3. Request for rlogin ticket 4. Ticket for rlogin (Session Key) 1. Request for TGS ticket 5. Request for service rlogin 6. Reply Encrypted DoOperation telnet
8
8/9 Kerberos Database Master-slave structure –Master machine Read/Write operation to DB Definitive copies –Slave machine Read-only to DB Copies from master machine Authentication requests - slave/master machine Administration requests - master machine Database replication –Each Kerberos realm has a master Kerberos machine –Checksum WS
9
9/9 Conclusion Kerberos system is … –Secure –Reliable –Scalable –Transparent But, –Has many limitations and weaknesses
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.