Kerberos Authentication - PowerPoint PPT Presentation

PowerPoint Slideshow about 'Kerberos Authentication' - lamond

Presentation Transcript
Kerberos
  • Requires a shared secret with the KDC (not for the client under PKINIT, which substitutes public-key credentials for the client's long-term key)
  • Shared session key established between client and service
  • Time synchronization needed (authenticator timestamps are checked against the server's clock within a bounded skew)
  • Mutual authentication (the server proves possession of the service key by echoing the authenticator timestamp in the AP-REP)
  • Credentials allow impersonation (whoever holds a ticket and its session key can act as the user; forwardable/proxiable tickets make this deliberate)
Authorization
  • How does the authentication mechanism fit into the authorization topology?
  • Authorization based on the authenticated identity (a mapping from Kerberos principal to local identity may be needed)
  • Authorization carried within the authentication messages (Kerberos authorization data inside the ticket)
  • What are authorization messages bound to?
Kerberos with Pull Model 1
[Diagram: User; User Org KDC; User Org AAA Server; Application. Message labels: TGT; AST; "AST, Auth"; ID; AM; Secure Channel; OK.]
  • KDC: Kerberos Key Distribution Center
  • TGT: Ticket Granting Ticket
  • AST: Application Service Ticket
  • ID: Authenticate Identity
  • AM: Message Authorizing Application by User Org

Kerberos with Pull Model 2
[Diagram: User; User Org KDC; User Org Authorization Server; Application. Message labels: UOST; "UOST, Auth"; TGT; AST; "AST, (TGTkey), TGT"; "AST, Auth"; AM; OK.]
  • KDC: Kerberos Key Distribution Center
  • TGT: Ticket Granting Ticket
  • TGTKey: TGT key encrypted with the AST session key (KRB_CRED)
  • UOST: User Org Authorization Server Service Ticket
  • AST: Application Service Ticket
  • AM: Message Authorizing Application by User Org

Kerberos with Pull Model 3
[Diagram: User; User Org KDC; User Org Authorization Server; Application. Message labels: TGT; UOST; "UOST, Auth"; AM; Secure Channel; OK.]
  • KDC: Kerberos Key Distribution Center
  • TGT: Ticket Granting Ticket
  • UOST: User Org Authorization Server Service Ticket
  • Auth: Authenticator encrypted with the session key
  • AM: Message Authorizing Application by User Org

Push Example
[Diagram: User; User Org KDC; User Org Authorization Server; Application. Message labels: TGT; UOST; CERT; AST; OK.]
  • KDC: Kerberos Key Distribution Center
  • TGT: Ticket Granting Ticket
  • UOST: User Org Authorization Server Service Ticket
  • CERT: Authorization For User Signed By User Org / Bind to User principal or ????
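The open question on this slide (what the CERT is bound to) and the last bullet of the Authorization slide are the security-relevant part of both the pull and the push designs: a signed statement of rights is only safe to act on if the application checks that it names the principal who just authenticated, names this service, and is still inside its validity window. The following is an added example and not code from the deck. Everything in it is constructed: the User Org authorization server and its policy, the key ORG_KEY shared between that server and the application (standing in for the UOST/AST session keys on the pull slides), the principals alice and bob, and the service name http/app. HMAC is used for the AM/CERT signature; a real push design would use a public-key signature so that the user carrying the CERT cannot forge it.

```python
import hashlib, hmac, json

def sign_am(org_key, principal, service, rights, issued, ttl=600):
    """User Org issues an AM/CERT: rights bound to a principal, a target service and a time window."""
    body = {"iss": "USER.ORG", "sub": principal, "aud": service, "rights": sorted(rights),
            "iat": issued, "exp": issued + ttl}
    raw = json.dumps(body, sort_keys=True).encode()
    return raw + b"." + hmac.new(org_key, raw, hashlib.sha256).hexdigest().encode()

def verify_am(org_key, am, authenticated_principal, my_service, now):
    """Application side: accept the AM only if it is genuine AND bound to who just authenticated."""
    raw, _, sig = am.rpartition(b".")  # the hex tag never contains '.', so rpartition is safe
    if not hmac.compare_digest(sig.decode(), hmac.new(org_key, raw, hashlib.sha256).hexdigest()):
        raise ValueError("AM signature invalid")
    body = json.loads(raw)
    if body["sub"] != authenticated_principal:
        raise ValueError("AM is for %s but %s authenticated" % (body["sub"], authenticated_principal))
    if body["aud"] != my_service:
        raise ValueError("AM is for another service: " + body["aud"])
    if not body["iat"] <= now < body["exp"]:
        raise ValueError("AM outside its validity window")
    return body["rights"]

class UserOrgAuthzServer:
    """Stand-in for the User Org Authorization Server with a constructed policy table."""
    def __init__(self, key):
        self.key, self.policy = key, {"alice": ["read", "write"], "bob": ["read"]}

    def authorize(self, principal, service, now):
        return sign_am(self.key, principal, service, self.policy.get(principal, []), now)

ORG_KEY = b"\x11" * 32  # constructed: key shared by the authz server and the application
SERVICE = "http/app"    # constructed: the application's service name

def pull(authenticated_principal, now):
    """Pull model: after Kerberos authentication the application asks User Org for the AM."""
    authz = UserOrgAuthzServer(ORG_KEY)
    am = authz.authorize(authenticated_principal, SERVICE, now)  # ID -> AM over the secure channel
    return verify_am(ORG_KEY, am, authenticated_principal, SERVICE, now)

def push(presented_by, cert, now):
    """Push model: the user fetched CERT earlier and presents it with the AST; same checks apply."""
    return verify_am(ORG_KEY, cert, presented_by, SERVICE, now)

def demo(now=1700000000.0):
    """Both flows plus three misuse cases the binding checks must catch."""
    authz = UserOrgAuthzServer(ORG_KEY)
    alice_cert = authz.authorize("alice", SERVICE, now)
    other_cert = authz.authorize("alice", "http/other", now)
    out = {"pull_alice": pull("alice", now), "push_alice": push("alice", alice_cert, now)}
    for label, args in {"bob_replays_alice_cert": ("bob", alice_cert, now),
                        "stale_cert": ("alice", alice_cert, now + 3600),
                        "cert_for_other_service": ("alice", other_cert, now)}.items():
        try:
            out[label] = push(*args)
        except ValueError as e:
            out[label] = "rejected: " + str(e)
    return out
```

demo() runs the pull flow (the application supplies the principal it authenticated and pulls an AM for it), the push flow (alice presents a CERT obtained earlier), and three cases that only the binding checks stop: bob presenting alice's CERT, a stale CERT, and a CERT issued for a different service. The pull and push variants differ only in who carries the message; the verification an application must do is the same.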

Inter-Domain Pull
[Diagram: User; User Org KDC; Application Org KDC' (linked to KDC by TR); User Org Authorization Server; Application. Message labels: TGT; TGT'; AST; ID; AM; OK.]
  • KDC: User Org Kerberos Key Distribution Center
  • KDC': Application Org Kerberos Key Distribution Center
  • TGT': Application Org Ticket Granting Ticket
  • AST: Application Service Ticket
  • ID: Authenticate Identity
  • AM: Message Authorizing Application by User Org
  • TR: Trust Relationship

Kerberos Inter-Realm
[Diagram: User; User Org KDC; Application Org KDC' (linked to KDC by TR); Application. Message labels: TGT; TGT'; AST; OK.]
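The exchanges sketched across the deck, as an added example that is not the deck's own code: a toy Python Kerberos with an AS, a TGS and an application server. It covers the bullets of the first two slides (shared secret with the KDC, session key, clock-skew check, mutual authentication, authorization data carried inside the ticket) and the cross-realm TGT' referral of the Inter-Domain Pull and Kerberos Inter-Realm slides. Everything here is constructed: the realms USER.ORG and APP.ORG, the principals alice and http/app, the inter-realm key standing in for TR, and an HMAC-based encrypt-then-MAC seal/unseal pair standing in for real Kerberos encryption types; messages are simplified JSON rather than ASN.1, and the replay cache that real Kerberos keeps for the skew window is omitted.

```python
import hashlib, hmac, json, os, time

CLOCK_SKEW = 300  # seconds; the conventional Kerberos maximum clock skew

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC standing in for a real Kerberos enctype (not AES-CTS/HMAC)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_skew(ts, now):
    if abs(now - ts) > CLOCK_SKEW:
        raise ValueError("KRB_AP_ERR_SKEW: clocks differ by more than %d s" % CLOCK_SKEW)

class KDC:
    """AS + TGS for one realm; every principal shares a long-term key with its KDC."""
    def __init__(self, realm):
        self.realm, self.keys = realm, {"krbtgt/" + realm: os.urandom(32)}

    def register(self, principal, key):
        self.keys[principal] = key

    def _ticket(self, client, sname, session, authz, now, life):
        # Cleartext service name + part sealed under that service's key; identity and authz live inside.
        enc = seal(self.keys[sname], {"client": client, "key": session.hex(), "authtime": now,
                                      "endtime": now + life, "authz": authz})
        return {"sname": sname, "enc": enc}

    def as_exchange(self, client, authz, now):
        """AS-REQ/AS-REP: TGT plus the TGT session key sealed under the client's own key."""
        session = os.urandom(32)
        tgt = self._ticket(client, "krbtgt/" + self.realm, session, authz, now, 36000)
        return tgt, seal(self.keys[client], {"key": session.hex()})

    def tgs_exchange(self, tgt, auth, sname, now):
        """TGS-REQ/TGS-REP; sname "krbtgt/<other>@<this realm>" yields a cross-realm TGT'."""
        if not tgt["sname"].startswith("krbtgt/"):
            raise ValueError("not a ticket-granting ticket")
        t = unseal(self.keys[tgt["sname"]], tgt["enc"])  # local TGS key or inter-realm (TR) key
        a = unseal(bytes.fromhex(t["key"]), auth)
        if a["client"] != t["client"] or now > t["endtime"]:
            raise ValueError("authenticator does not match TGT, or TGT expired")
        check_skew(a["ts"], now)
        session = os.urandom(32)
        return (self._ticket(t["client"], sname, session, t["authz"], now, 3600),
                seal(bytes.fromhex(t["key"]), {"key": session.hex()}))

def authenticator(principal, session, now):
    # Client side of TGS-REQ/AP-REQ: proves possession of the session key, with a timestamp.
    return seal(session, {"client": principal, "ts": now})

def server_accept(service_key, ticket, auth, now):
    """AP-REQ handling: returns (authenticated principal, authz data, AP-REP)."""
    t = unseal(service_key, ticket["enc"])
    session = bytes.fromhex(t["key"])
    a = unseal(session, auth)
    if a["client"] != t["client"] or not t["authtime"] - CLOCK_SKEW <= now <= t["endtime"]:
        raise ValueError("authenticator does not match ticket, or ticket not valid now")
    check_skew(a["ts"], now)
    return t["client"], t["authz"], seal(session, {"ts": a["ts"]})  # AP-REP for mutual auth

def session_key(own_key, enc_part):
    return bytes.fromhex(unseal(own_key, enc_part)["key"])

def run(cross_realm=False, now=None, server_now=None):
    """Login as alice; cross_realm=True goes via a TGT' issued under the inter-realm key."""
    now = now or time.time()
    user_kdc, app_kdc = KDC("USER.ORG"), KDC("APP.ORG")
    alice_key, svc_key, trust = os.urandom(32), os.urandom(32), os.urandom(32)
    user_kdc.register("alice", alice_key)
    user_kdc.register("krbtgt/APP.ORG@USER.ORG", trust)  # TR: one inter-realm key
    app_kdc.register("krbtgt/APP.ORG@USER.ORG", trust)   # known to both KDCs
    tgt, enc = user_kdc.as_exchange("alice", {"groups": ["staff"]}, now)
    key, kdc = session_key(alice_key, enc), user_kdc
    if cross_realm:  # home TGT -> TGT' for APP.ORG; APP.ORG's TGS then issues the AST
        tgt, enc = user_kdc.tgs_exchange(tgt, authenticator("alice", key, now),
                                         "krbtgt/APP.ORG@USER.ORG", now)
        key, kdc = session_key(key, enc), app_kdc
    kdc.register("http/app", svc_key)
    ast, enc = kdc.tgs_exchange(tgt, authenticator("alice", key, now), "http/app", now)
    key = session_key(key, enc)
    try:  # server_now != now models unsynchronized clocks
        who, authz, ap_rep = server_accept(svc_key, ast, authenticator("alice", key, now), server_now or now)
    except ValueError as e:
        return "rejected: " + str(e)
    # Mutual authentication: only a holder of svc_key could recover the session key and echo our timestamp.
    return who, authz, unseal(key, ap_rep)["ts"] == now
```

run() performs a single-realm login and returns the authenticated principal, the authorization data the KDC copied from the TGT into the service ticket, and whether the AP-REP verified. run(cross_realm=True) first obtains a TGT' from USER.ORG's TGS sealed under the shared inter-realm key, then has APP.ORG's TGS issue the service ticket. run(now=t, server_now=t + 900) shows the time-synchronization requirement: the server refuses an authenticator more than CLOCK_SKEW seconds from its own clock. The impersonation bullet of the first slide is visible in the structure: whoever holds a TGT together with its session key (exactly what KRB_CRED forwards in Pull Model 2) can mint authenticators as the user.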
