[Kerberos] Kerberos Authentication Process Collation

Kerberos is a security authentication protocol intended to provide

• More secure authentication
• Simplified management of password
• Convenience of single

The basic structure of Kerberos

• Kerberos Client: The party requesting the service
• Kerberized Service: The party providing the services
• Kerberos KDC: A party that provides authentication for password management. Both client and service provider keep their privacy in the KDC.

Kerberos Authentication Process

1. Client requests a TGT from the KDC

Client sends a packet containing only principal to the KDC

The KDC queries whether the user principal database exists, and if so, generates a TGT that has been encrypted by the KDC key and a time sensitive session key. It is then returned to a tgt+session key that has been encrypted with a user key

2. Client requests service from KDC

The client generates a authenticator, encrypts it with session key, and requests the service name, TGT, and a concurrent send to the KDC.

The KDC compares the authenticator and TGT, and if there is no problem, trusts the client and returns to the client a service ticket and a new session key encrypted with the service key, returning the packet for the first session Key encryption.

3. Client requests Services to service

The client receives the packet returned by the KDC, encrypts the authenticator with the new session key, and sends the service ticket together with the service.

The service receives the packet, opens the service ticket with its own key, and then opens the authenticator with the session key inside the service ticket. If the validation passes, the service data that the client wants is returned.

[Kerberos] Kerberos Authentication Process Collation