---

Fourth Edition
by William Stallings

[attachment=7838]

Chapter 14 – Authentication Applications

We cannot enter into alliance with neighboring princes until we are acquainted with their designs.
—The Art of War, Sun Tzu

Authentication Applications

Kerberos

trusted key server system from MIT
provides centralised private-key third-party authentication in a distributed network
allows users access to services distributed through network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5

Kerberos Requirements

its first report identified requirements as:
secure
reliable
transparent
scalable
implemented using an authentication protocol based on Needham-Schroeder

Kerberos v4 Overview

a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket TGT)
have a Ticket Granting server (TGS)
users subsequently request access to other services from TGS on basis of users TGT

Kerberos v4 Dialogue

obtain ticket granting ticket from AS
once per session
obtain service granting ticket from TGT
for each distinct service required
client/server exchange to obtain service
on every service request

for more:

http://docs.googleviewer?a=v&q=cache:V7Z...tb6wxZgz1A

---