Kerberos Flashcards

1
Q

What is Kerberos?

A

Another way to tackle the problem is the use of authentication software tied to a secure authentication server. This is the approach taken by Kerberos.

Kerberos, initially developed at MIT, is a software utility available both in the public domain and in commercially supported versions. Kerberos has been issued as an Internet standard and is the de facto standard for remote authentication, including as part of Microsoft’s Active Directory service.

The overall scheme of Kerberos is that of a trusted third-party authentication service. It is trusted in the sense that clients and servers trust Kerberos to mediate their mutual authentication.

2
Q

What is the role of the authentication server?

A

An authentication server (AS) knows the passwords of all clients and stores these in a centralized database. The user can then log onto the AS for identity verification. Once the AS has verified the user’s identity, it can pass this information on to an application server, which will then accept service requests from the client.

3
Q

What is the flow of Kerberos?

A
  1. User logs onto system
  2. AS verifies access rights and creates ticket and session key
  3. Prompts user for password, then sends ticket/authenticator
  4. TGS decrypts ticket and authenticator; creates ticket for application server
  5. Workstation sends ticket and authenticator to host
  6. Host verifies ticket and authenticator match and then grants access
4
Q

What is a ticket-granting ticket?

A

Ticket-granting ticket: comes in the first two steps of the Kerberos flow; created when the user has access rights.

5
Q

What are the components of a Kerberos architecture?

A

A full-service Kerberos environment consisting of a Kerberos server, a number of clients, and a number of application servers, requires the following:

The Kerberos server must have the user ID and password of all participating users in its database. All users are registered with the Kerberos server.

The Kerberos server must share a secret key with each server. All servers are registered with the Kerberos server.

6
Q

What type of encryption did the original Kerberos use?

A

The original version of Kerberos used the Data Encryption Standard (DES) as its encryption algorithm.
