1 / 28

KERBEROS

KERBEROS. CONTENTS Introduction What is Kerberos? Where does the name Kerberos came from? Why Kerberos? What does Kerberos do? Kerberos software components How Kerberos works? Kerberos names Kerberos database Kerberos from the outside looking in

baruch
Download Presentation

KERBEROS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. KERBEROS

  2. CONTENTS • Introduction • What is Kerberos? • Where does the name Kerberos came from? • Why Kerberos? • What does Kerberos do? • Kerberos software components • How Kerberos works? • Kerberos names • Kerberos database • Kerberos from the outside looking in • Kerberos issue and open problems • Effectiveness of Kerberos • Kerberos status • How widespread is deployment? • Advantages and Disadvantages • Commercial support for Kerberos • MIT Kerberos team • Conclusion • References

  3. INTRODUCTION • A NETWORK AUTHENTICATION PROTOCOL WHAT IS KERBEROS? • KERBEROS IS A TRUSTED THIRD-PARTY • AUTHENTICATION SERVICE BASED ON THE MODEL • PRESENTED BY NEEDHAM AND_SCHROEDER.

  4. Where does the name “Kerberos” came from? The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades. “CERBERUS” is the Latin spelling of the Greek “Kerberos”, and according to the OED is pronounced like “Serberus”, but that is quite at odds with the Greek, as the initial consonant is a “k”.MIT project Athena chose to use the Greek spelling and pronunciation.

  5. WHY KERBEROS? • SECURE THE DATA • RELIABLE SERVICE • TRANSPERANCY • SCALABILITY

  6. WHAT DOES KERBEROS DO? • Kerberos keeps a database of its clients and their private keys. • Kerberos provides three distinct levels of protection. • Kerberos provides safe messages.

  7. KERBEROS SOFTWARE COMPONENTS • KERBEROS APPLICATION LIBRARY • ENCRYPTION LIBRARY • DATABASE LIBRARY • DATABASE ADMINISTRATION PROGRAMS • ADMINISTRATION SERVER • AUTHENTICATION SERVER • DB PROPOGATION SOFTWARE • USER PROGRAMS

  8. Requesting a Kerberos Service • Getting the Initial Kerberos Ticket • Getting Kerberos Server Tickets HOW KERBEROS WORKS

  9. Flow of Authentication Information Logging on to the workstation P W A O S R S D ENTRY 3 1 User name TGT,TGS 2 Authentication Server Workstation

  10. Session key requested S E S S I O N key • TICKET • User name • NT address • Service name • Time stamp • Session key 4 TGS Session key TGT Ticket, 2 copies of session key Workstation 5 Ticket Granting Server Application Server

  11. Verifying the request Session Key 6 Ticket 7 Random number Random Number 8 Workstation Application Server Session Key

  12. KERBEROS NAMES • Key referral between Domains • Key referral between Trusted Domains

  13. KERBEROS DATABASE • The KDBM Server • The kadmin and kpasswd Programs • Kerberos Database Replication

  14. Kerberos from the Outside Looking In • Kerberos User's Eye View • Kerberos From the Programmer's Viewpoint • The Kerberos Administrator's Job

  15. Kerberos Issues and open Problems • How to decide the correct lifetime for a ticket? • How to allow proxies? • How to guarantee workstation integrity?

  16. HOW EFFECTIVE IS KERBEROS?

  17. KERBEROS STATUS A prototype version of Kerberos went into production in September of 1986. Since January of 1987, Kerberos has been Project Athena's sole means of authenticating its 5,000 users, 650 workstations, and 65 servers. In addition, Kerberos is now being used in place of .rhosts files for controlling access in several of Athena's timesharing systems.

  18. HOW WIDESPREAD IS DEPLOYMENT?

  19. ADVANTAGES AND DISADVANTAGES

  20. COMMERCIAL SUPPORT FOR KERBEROS • CyberSafe Corporation • Email: info@cybersafe.com • InterSoft International, Inc. • Email:http://web.mit.edu/kerberos/www/support@securenetterm.com • Email:http://web.mit.edu/kerberos/www/sales@securenetterm.com

  21. THE MIT KERBEROS TEAM • MIT Team Members • Jeff Schiller ('79) • Ted Ts'o ('90) • Tom Yu ('96) • Ken Raeburn ('88) • Paul Hill • Marshall Vale • Miroslav Jurisic • Alexis Ellwood • Danilo Almeida

  22. CONCLUSION

  23. REFERENCES • www.krbcore@mit.edu • http://web.mit.edu/kerberos • www.cisco.com • www.orw.gor • www.info@cybersafe.com • www.support@securenetterm.com • www.sales@securenetterm.com • www.cybersafecorporation.com • www.crypto_publish.org.com • www.decewg@es.net • www.tytso@mit.edu • The Kerberos newsgroup • Kerberos on the Macintosh • comp.protocols.kerberosFAQ

  24. THANK 'U'

More Related