What is Kerberos
- Kerberos is an authentication protocol in which a ticket (TGT, ticket-granting ticket) is issued to authenticated users and services.
- How is a user authenticated, and how does it then access a service?
```mermaid
sequenceDiagram
    participant u as User
    participant c as Client
    participant as as AuthenticationServer
    participant tgs as TicketGrantingService
    participant svc1 as Service1
    participant db as Database
    u ->> c: enter username,pass
    c ->> as: Auth request
    as ->> db: Check user cred
    db ->> as: Valid
    note over as: Create TGT, Session key<br/>TGT encrypted by user's secret key
    as ->> c: TGT
    note over c: Want to access Service1
    c ->> tgs: Access to Service1+TGT
    note over tgs: verify TGT and extract Sessionkey<br/>Valid
    tgs ->> c: Service Ticket(encrypted by session key)
    c ->> svc1: Service Ticket
    note over svc1: Decrypts service ticket and get session key<br/>Communication b/w svc1 & client encrypted by session key
```
Terms
- Keytab (key table)
  - Keys derived from a password