Kerberos Authentication
Overview
Kerberos is a secure communication protocol that provides strong authentication within a client/server architecture. It uses tickets so that systems communicating over an unsecured network can prove their identity to one another securely, and it protects the logon credentials of the system's principals. Entities authenticate to network systems using different credentials such as a username and password combination, a smartcard, a token or biometrics. Once entities have authenticated with Kerberos, they can access multiple applications, following the single sign-on (SSO) principle; SSO reduces identification and authentication overhead by letting users reach multiple systems with a single account. Kerberos uses symmetric encryption to prove a user's authenticity and protects data and messages against eavesdropping and replay attacks. Users must therefore keep their secret keys safe, since those keys are what prove their identity to the authentication server.
Components of Kerberos
In a Kerberos environment, users gain access to applications and systems deployed elsewhere in the network through an authentication server. As mentioned above, Kerberos employs a secure ticketing system to authenticate users and grant them access to these network resources.
Users / Principals
These are the entities that use the Kerberos protocol for identification and authentication. The user encrypts its username and corresponding credentials and sends them to the KDC, specifically to the Authentication Server (AS); the credentials are held there as a hashed secret key for secure storage and validation. Using this registered identity, the user requests a Ticket Granting Ticket (TGT) from the AS. More specifically, the user requests authentication by sending a message encrypted with the user's secret key, which works because Kerberos relies on symmetric encryption. If authentication succeeds, the AS issues a TGT to the requesting user.
Authentication Server (AS)
The Authentication Server (AS) performs user authentication through an exchange of encrypted data: if the user can decrypt the data with the shared secret key, the server accepts the user as authenticated. The AS is the first line of defense and authorizes users to request tickets; users cannot request tickets directly from the Ticket Granting Service (TGS). When users request registration, the AS authenticates each user before their record is permanently stored in the KDC, and it checks this stored information before issuing a TGT to a user requesting resources.
Ticket Granting Service (TGS)
The Ticket Granting Service (TGS) securely issues tickets to authenticated users. The tickets are time stamped and expire after a few hours (eight hours is typical). The TGS holds credentials for principals (users), applications and services, and it stores the secret and session keys used for secure transactions. The user sends the TGT to the TGS and requests a ticket for a service; the TGS verifies the TGT and returns a Ticket for Service to the user.
Key Distribution Center (KDC)
The KDC is the heart of Kerberos and performs registration for new entities. It is the server that holds and maintains the credentials and keys of all users and services, provides secure authentication to the entities referred to as principals (users, applications or services), and provides security services for a set of principals within their defined domains (realms).
Application Server / Network Services
The application server performs certificate-based authentication but does not issue credential tickets itself. It may hold user credentials or work with Active Directory (AD) and LDAP databases. A subject presents a ticket to an object in the defined realm to request access: the user sends the Ticket for Service and requests access to the resource, and the server validates the ticket, authenticates the user and grants access.
Kerberos Architecture
The Kerberos architecture has three major components: the Authentication Server (AS), the Ticket Granting Service (TGS) and the resource servers where applications and systems reside. This is the origin of the name: Kerberos is the three-headed dog of Greek mythology, and the protocol is a three-headed authentication mechanism. It is a network authentication protocol that provides strong authentication services to client-server environments. In a Kerberized environment, users follow the steps depicted in the following diagram.
![](https://merebatigray.com/wp-content/uploads/2022/07/Kerbo2.webp)
Steps in Kerberos Authentication
Users in a Kerberos environment go through three major steps to prove their identity, be authenticated and access resources. They also need the necessary privileges to create sessions and gain access to the centralized services. The three steps are as follows:
- The principal sends the Authentication Server (AS) a message encrypted with its secret key. If authentication succeeds, the AS issues a Ticket Granting Ticket (TGT) to the principal; the TGT authorizes the user to request further tickets for access to services.
- Next, the principal sends the TGT to the Ticket Granting Service (TGS) and requests a Service Ticket. If the user is privileged to access the service, the TGS issues a Service Ticket to the requesting entity.
- Finally, the principal sends the Service Ticket to the server or network service that hosts the requested service. The server checks the validity of the Service Ticket and grants the user access to the service.
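The three steps above as a runnable simulation, added here and not code from the original post or from any Kerberos implementation: every party holds only symmetric keys, a toy SHA-256/HMAC routine stands in for Kerberos' real encryption types, and the principal names, passwords, ticket fields and the 300-second pre-authentication window are constructed for the example (only the krbtgt name for the TGS principal is real Kerberos convention).

```python
import hashlib, hmac, json, os, time

def str2key(password: str) -> bytes:  # stand-in for Kerberos string-to-key; the KDC stores this, not the password
    return hashlib.sha256(password.encode()).digest()
def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:  # SHA-256 counter keystream, toy only
    ks = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key: bytes, msg: dict) -> bytes:  # toy authenticated encryption standing in for a Kerberos etype
    nonce, data = os.urandom(16), json.dumps(msg).encode()
    ct = _xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise PermissionError("wrong key or tampered message")  # cannot decrypt => not authenticated
    return json.loads(_xor(key, nonce, ct))

def verify(key: bytes, ticket: bytes, authenticator: bytes) -> dict:
    # Steps 2 and 3 share this check: open the ticket with the verifier's own key, then the authenticator with the session key inside it.
    t = unseal(key, ticket)
    if time.time() > t["exp"]:
        raise PermissionError("ticket expired")
    if unseal(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
        raise PermissionError("authenticator does not match ticket")
    return t

class KDC:  # holds every principal's long-term key and runs both the AS and the TGS
    def __init__(self, secrets: dict, ttl: int = 8 * 3600):
        self.keys, self.ttl = {p: str2key(s) for p, s in secrets.items()}, ttl
    def as_exchange(self, user: str, preauth: bytes):
        # Step 1 (AS-REQ/AS-REP): a timestamp encrypted under the user's key proves possession of that key.
        if abs(time.time() - unseal(self.keys[user], preauth)["ts"]) > 300:
            raise PermissionError("stale pre-authentication")
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "sk": sk, "exp": time.time() + self.ttl})
        return tgt, seal(self.keys[user], {"sk": sk})  # the TGT is opaque to the user; only the KDC can open it
    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        # Step 2 (TGS-REQ/TGS-REP): validate the TGT, then issue a ticket sealed under the service's key.
        t = verify(self.keys["krbtgt"], tgt, authenticator)
        ssk = os.urandom(32).hex()
        st = seal(self.keys[service], {"user": t["user"], "sk": ssk, "exp": t["exp"]})
        return st, seal(bytes.fromhex(t["sk"]), {"sk": ssk})

def login_and_access(kdc: KDC, user: str, password: str, service: str) -> str:
    ukey = str2key(password)  # derived on the client; the password itself is never sent
    tgt, rep = kdc.as_exchange(user, seal(ukey, {"ts": time.time()}))
    sk = bytes.fromhex(unseal(ukey, rep)["sk"])
    st, rep2 = kdc.tgs_exchange(tgt, seal(sk, {"user": user}), service)
    ssk = bytes.fromhex(unseal(sk, rep2)["sk"])
    return verify(kdc.keys[service], st, seal(ssk, {"user": user}))["user"]  # step 3 (AP-REQ): the service needs only its own key
```

A wrong password fails at step 1 because the KDC cannot open the pre-authentication data, and an expired TGT fails at step 2 before any service ticket is issued.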