
Understanding Kerberos

Kerberos is a network authentication protocol developed by MIT. It enables secure, mutual authentication between a client and a service over an insecure network. Kerberos typically uses symmetric-key encryption, although it can use both symmetric and asymmetric cryptography. A free implementation is available from MIT; the most recent release is krb5-1.19.3 (as of 14 Mar 2022). Kerberos is also widely used by many operating systems, such as MS Windows, RHEL, HP-UX and others.

Terminology

Principal - a unique identity, identified by username and realm (domain), represented in the format username@REALM.NAME
Realm - a logical group of resources and identities within Kerberos; also called a domain and typically named after the DNS domain
Ticket - an encrypted data block used for authentication; tickets contain a ticket key and a session key
KDC - Key Distribution Center, a trusted third party that issues tickets to principals
TGT - Ticket Granting Ticket, a ticket that allows the client to obtain additional tickets