Kerberos

Question 1

Explain Kerberos in a nutshell:

Answer 1

• a protocol for authentication
• uses tickets to authenticate
• avoids storing passwords locally or sending them over the internet
• involves a trusted 3rd-party
• built on symmetric-key cryptography

Question 2

What is a ticket ?

Answer 2

your proof of identity encrypted with a secret key for the particular service requested

Question 3

What 3 interaction take place?

Answer 3

1. the Authentication Server
2. the Ticket Granting Server
3. the Service or host machine that you’re wanting access to.

Question 4

What does the TGT message contain?

Answer 4

your name/ID,
the TGS name/ID,
timestamp,
your network address 
lifetime of the TGT 
TGS Session Key

Question 5

How is the TGT encrypted?

Answer 5

TGS Secret Key

Question 6

TGT stands for:

Answer 6

Ticket Granting Ticket

Question 7

What is contained in the plaintext request for TGT?

Answer 7

your name/ID
the name/ID of the requested service (in this case, service is the Ticket Granting Server),
your network address
requested lifetime for the validity of the TGT,

Question 8

What does the AS do after receiving a plaintext request for TGT?

Answer 8

The Authentication Server will check if exist in the KDC database; no credentials are checked.

If there are no errors it will randomly generate a key called a session key for use between you and the Ticket Granting Server (TGS).

The Authentication Server will then send two messages back to you.