Friday, February 2, 2018

Kerberos

https://en.wikipedia.org/wiki/Kerberos_(protocol)

symmetric key cryptography + trusted 3rd party
UDP port 88



https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/how_to_set_up_sso_with_kerberos/sso_with_kerberos_deeper_dive




https://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface



KDC = Key Distribution Center

TGT = Ticket-Granting Ticket

AS = Authentication Server

ST = Service Ticket

TGS = Ticket Granting Service

SPN = Service Principal Name

1) AS-REQ / AS-REP: the user logs in and authenticates to the AS/KDC using the key in the keytab file. The AS/KDC checks whether the user exists in its DB. The user gets a TGT (time-limited).
2) user


Kerberos uses a keytab file https://kb.iu.edu/d/aumh

Microsoft articles:

https://technet.microsoft.com/en-us/library/cc772815(v=ws.10).aspx

https://msdn.microsoft.com/en-us/library/cc246080.aspx

Microsoft Kerberos training videos (4):

https://www.youtube.com/playlist?list=PL97898A4367BC1A7B

Kerberos Constrained Delegation https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview




