01-01-2011, 11:44 AM
Fourth Edition
by William Stallings
Chapter 14 – Authentication Applications
We cannot enter into alliance with neighboring princes until we are acquainted with their designs.
—The Art of War, Sun Tzu
Authentication Applications
Kerberos
trusted key server system from MIT
provides centralised private-key third-party authentication in a distributed network
allows users access to services distributed through network without needing to trust all workstations; rather all trust a central authentication server
two versions in use: 4 & 5
Kerberos Requirements
its first report identified requirements as:
secure
reliable
transparent
scalable
implemented using an authentication protocol based on Needham-Schroeder
Kerberos v4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket TGT)
have a Ticket Granting Server (TGS)
users subsequently request access to other services from TGS on basis of user's TGT
Kerberos v4 Dialogue
obtain ticket granting ticket from AS (once per session)
obtain service granting ticket from TGT (for each distinct service required)
client/server exchange to obtain service (on every service request)
for more:
http://docs.googleviewer?a=v&q=cache:V7Z...tb6wxZgz1A
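The three exchanges of the v4 dialogue, as an added Python sketch that is not part of the slides or the original post. The `seal`/`unseal` helpers are a toy encrypt-then-MAC construction standing in for the real Kerberos cipher, and all user names, service names and secrets are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def key(secret): return hashlib.sha256(secret.encode()).digest()

def _xor(k, nonce, data):  # toy stream cipher: SHA-256 in counter mode
    ks = b"".join(hashlib.sha256(k + nonce + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(k, obj):  # encrypt-then-MAC; stand-in for the real cipher (assumption)
    nonce = os.urandom(16)
    ct = _xor(k, nonce, json.dumps(obj).encode())
    return (nonce + ct + hmac.new(k, nonce + ct, "sha256").digest()).hex()

def unseal(k, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(k, nonce, ct))

USERS = {"alice": key("correct horse")}      # constructed: AS knows each user's key
K_TGS = key("tgs-secret")                    # constructed: shared by AS and TGS
SERVICES = {"fileserver": key("fs-secret")}  # constructed: shared by TGS and server

def as_exchange(user):  # once per session: returns session key + TGT
    k = os.urandom(16).hex()
    tgt = seal(K_TGS, {"user": user, "k": k, "exp": time.time() + 28800})
    return seal(USERS[user], {"k": k, "tgt": tgt})

def _check(ticket_key, ticket, auth):  # ticket and authenticator must agree
    t = unseal(ticket_key, ticket)
    a = unseal(key(t["k"]), auth)
    if a["user"] != t["user"] or t["exp"] < time.time() or abs(time.time() - a["ts"]) > 300:
        raise ValueError("ticket rejected")
    return t

def tgs_exchange(tgt, auth, service):  # once per distinct service
    t = _check(K_TGS, tgt, auth)
    k = os.urandom(16).hex()
    ticket = seal(SERVICES[service], {"user": t["user"], "k": k, "exp": time.time() + 300})
    return seal(key(t["k"]), {"k": k, "ticket": ticket})

def service_request(service, ticket, auth):  # on every service request
    return _check(SERVICES[service], ticket, auth)["user"]

def client_session(user, password, service):
    r1 = unseal(key(password), as_exchange(user))  # only the right password opens this
    auth = lambda k: seal(key(k), {"user": user, "ts": time.time()})
    r2 = unseal(key(r1["k"]), tgs_exchange(r1["tgt"], auth(r1["k"]), service))
    return service_request(service, r2["ticket"], auth(r2["k"]))
```

The password never crosses the network: the client proves knowledge of it only by being able to open the AS reply, and the workstation never sees the TGS or server keys.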